summaryrefslogtreecommitdiffstats
path: root/crypto
diff options
context:
space:
mode:
authorDr. Stephen Henson <steve@openssl.org>2001-02-24 01:38:56 +0000
committerDr. Stephen Henson <steve@openssl.org>2001-02-24 01:38:56 +0000
commitdb4a465974cad1e84a16ba46f946e5db00b1fea6 (patch)
treeb33ae0b0d09cb5f406a6454b4c6aa2da0bf94190 /crypto
parent3cdc8ad07a01b1292d8441e3ed7368b4a47a40da (diff)
Stop PKCS7_verify() core dumping with unknown public
key algorithms and leaking if the signature verify fails.
Diffstat (limited to 'crypto')
-rw-r--r--crypto/pkcs7/pk7_doit.c5
-rw-r--r--crypto/pkcs7/pk7_smime.c13
2 files changed, 10 insertions, 8 deletions
diff --git a/crypto/pkcs7/pk7_doit.c b/crypto/pkcs7/pk7_doit.c
index 98f3b49fa9..de96148b6e 100644
--- a/crypto/pkcs7/pk7_doit.c
+++ b/crypto/pkcs7/pk7_doit.c
@@ -764,6 +764,11 @@ for (ii=0; ii<md_len; ii++) printf("%02X",md_dat[ii]); printf(" calc\n");
os=si->enc_digest;
pkey = X509_get_pubkey(x509);
+ if (!pkey)
+ {
+ ret = -1;
+ goto err;
+ }
if(pkey->type == EVP_PKEY_DSA) mdc_tmp.digest=EVP_dss1();
i=EVP_VerifyFinal(&mdc_tmp,os->data,os->length, pkey);
diff --git a/crypto/pkcs7/pk7_smime.c b/crypto/pkcs7/pk7_smime.c
index 7fa0832ea3..5de5b591a9 100644
--- a/crypto/pkcs7/pk7_smime.c
+++ b/crypto/pkcs7/pk7_smime.c
@@ -153,7 +153,7 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store,
PKCS7_SIGNER_INFO *si;
X509_STORE_CTX cert_ctx;
char buf[4096];
- int i, j=0, k;
+ int i, j=0, k, ret = 0;
BIO *p7bio;
BIO *tmpout;
@@ -258,18 +258,15 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store,
}
}
- sk_X509_free(signers);
- if(indata) BIO_pop(p7bio);
- BIO_free_all(p7bio);
-
- return 1;
+ ret = 1;
err:
+ if(indata) BIO_pop(p7bio);
+ BIO_free_all(p7bio);
sk_X509_free(signers);
- BIO_free(p7bio);
- return 0;
+ return ret;
}
STACK_OF(X509) *PKCS7_get0_signers(PKCS7 *p7, STACK_OF(X509) *certs, int flags)
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-29 19:23:47 +0000