author | Dr. Stephen Henson <steve@openssl.org> | 2001-02-24 01:38:56 +0000 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2001-02-24 01:38:56 +0000 |
commit | db4a465974cad1e84a16ba46f946e5db00b1fea6 (patch) | |
tree | b33ae0b0d09cb5f406a6454b4c6aa2da0bf94190 /crypto | |
parent | 3cdc8ad07a01b1292d8441e3ed7368b4a47a40da (diff) |
Stop PKCS7_verify() core dumping with unknown public
key algorithms and leaking if the signature verify
fails.
Diffstat (limited to 'crypto')
-rw-r--r-- | crypto/pkcs7/pk7_doit.c | 5 | ||||
-rw-r--r-- | crypto/pkcs7/pk7_smime.c | 13 |
2 files changed, 10 insertions, 8 deletions
diff --git a/crypto/pkcs7/pk7_doit.c b/crypto/pkcs7/pk7_doit.c
index 98f3b49fa9..de96148b6e 100644
--- a/crypto/pkcs7/pk7_doit.c
+++ b/crypto/pkcs7/pk7_doit.c
@@ -764,6 +764,11 @@ for (ii=0; ii<md_len; ii++) printf("%02X",md_dat[ii]); printf(" calc\n");
 os=si->enc_digest;
 pkey = X509_get_pubkey(x509);
+ if (!pkey)
+ {
+ ret = -1;
+ goto err;
+ }
 if(pkey->type == EVP_PKEY_DSA) mdc_tmp.digest=EVP_dss1();
 i=EVP_VerifyFinal(&mdc_tmp,os->data,os->length, pkey);
diff --git a/crypto/pkcs7/pk7_smime.c b/crypto/pkcs7/pk7_smime.c
index 7fa0832ea3..5de5b591a9 100644
--- a/crypto/pkcs7/pk7_smime.c
+++ b/crypto/pkcs7/pk7_smime.c
@@ -153,7 +153,7 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store,
 PKCS7_SIGNER_INFO *si;
 X509_STORE_CTX cert_ctx;
 char buf[4096];
- int i, j=0, k;
+ int i, j=0, k, ret = 0;
 BIO *p7bio;
 BIO *tmpout;
@@ -258,18 +258,15 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store,
 }
 }
- sk_X509_free(signers);
- if(indata) BIO_pop(p7bio);
- BIO_free_all(p7bio);
-
- return 1;
+ ret = 1;
 err:
+ if(indata) BIO_pop(p7bio);
+ BIO_free_all(p7bio);
 sk_X509_free(signers);
- BIO_free(p7bio);
- return 0;
+ return ret;
 }
 STACK_OF(X509) *PKCS7_get0_signers(PKCS7 *p7, STACK_OF(X509) *certs, int flags) |
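Review bot: The new `if (!pkey)` branch in pk7_doit.c sets `ret = -1` and jumps to `err` without recording anything on the error queue, so a caller learns only that verification failed, not that the signer's public key could not be obtained. Since the commit message ties this path to unknown public key algorithms, a `PKCS7err(<function code>, <reason code>);` before the `goto err` and a short comment such as `/* X509_get_pubkey() returned NULL: key type not supported or not decodable */` would make this fail-closed exit diagnosable. The enclosing function and its `err:` label lie outside the hunk, so whether `pkey` is released after `EVP_VerifyFinal()` cannot be checked from here.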
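Review bot: The shared `err:` exit in PKCS7_verify() now runs `BIO_pop(p7bio)` and `BIO_free_all(p7bio)` on every failure path, while the context of the first pk7_smime.c hunk shows `BIO *p7bio;` declared without an initializer. If any `goto err` can be reached before `p7bio` is assigned (those jumps are outside the visible hunks), the cleanup would act on an indeterminate pointer. Declaring `BIO *p7bio = NULL;` would make the single exit safe, assuming both BIO calls tolerate NULL in this tree as they do in current OpenSSL. A comment at the label, e.g. `/* common exit: ret stays 0 unless the success path above set it to 1 */`, would also document that any early jump fails closed.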