authorMatt Caswell <matt@openssl.org>2024-01-19 11:28:58 +0000
committerMatt Caswell <matt@openssl.org>2024-01-25 15:27:43 +0000
commit041962b429ebe748c8b6b7922980dfb6decfef26 (patch)
tree30c597b862fd146ff3859d1d7a28a4b6138ddcc3 /crypto/pkcs7
parent72062fca2870af4ef789cd5fc3442b3569f52c9b (diff)
Add NULL checks where ContentInfo data can be NULL
PKCS12 structures contain PKCS7 ContentInfo fields. These fields are optional and can be NULL even if the "type" is a valid value. OpenSSL was not properly accounting for this and a NULL dereference can occur causing a crash. CVE-2024-0727 Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23361)
Diffstat (limited to 'crypto/pkcs7')
-rw-r--r--crypto/pkcs7/pk7_mime.c7
1 files changed, 5 insertions, 2 deletions
diff --git a/crypto/pkcs7/pk7_mime.c b/crypto/pkcs7/pk7_mime.c
index 49a0da5f81..8228315eea 100644
--- a/crypto/pkcs7/pk7_mime.c
+++ b/crypto/pkcs7/pk7_mime.c
@@ -33,10 +33,13 @@ int SMIME_write_PKCS7(BIO *bio, PKCS7 *p7, BIO *data, int flags)
int ctype_nid = OBJ_obj2nid(p7->type);
const PKCS7_CTX *ctx = ossl_pkcs7_get0_ctx(p7);
- if (ctype_nid == NID_pkcs7_signed)
+ if (ctype_nid == NID_pkcs7_signed) {
+ if (p7->d.sign == NULL)
+ return 0;
mdalgs = p7->d.sign->md_algs;
- else
+ } else {
mdalgs = NULL;
+ }
flags ^= SMIME_OLDMIME;
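Review bot: The new guard `if (p7->d.sign == NULL) return 0;` fails without adding anything to the error queue, so a caller of SMIME_write_PKCS7 gets a bare 0 and cannot tell a ContentInfo with absent content from any other failure. Consider raising a reason before returning, e.g. `ERR_raise(ERR_LIB_PKCS7, PKCS7_R_NO_CONTENT);`, so that rejected input is visible in logs and diagnostics. A one-line comment such as `/* d.sign is OPTIONAL and can be NULL in parsed, untrusted input */` would make it less likely the check is dropped in a later cleanup. `p7` itself is dereferenced at `OBJ_obj2nid(p7->type)` above the guard; that is presumably a caller contract, but worth confirming. The function body continues outside the hunk.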