diff options
| author | tb <> | 2023-02-08 07:59:24 +0000 |
|---|---|---|
| committer | tb <> | 2023-02-08 07:59:24 +0000 |
| commit | b2bb850d08aa891e5a763c57e06a3e0f5ebffb2d (patch) | |
| tree | 31b13481444b6fd1f3d68cc6e986d609c31b9647 | |
| parent | 718e2e26a755b26c2d89fde7f7cb78cc32178008 (diff) | |
| download | openbsd-b2bb850d08aa891e5a763c57e06a3e0f5ebffb2d.tar.gz openbsd-b2bb850d08aa891e5a763c57e06a3e0f5ebffb2d.tar.bz2 openbsd-b2bb850d08aa891e5a763c57e06a3e0f5ebffb2d.zip | |
openssl(1) pkcs7 avoid crash on malformed files
When printing certificates or CRLs, check signed and signedAndEnveloped
before dereferencing them. Prevents crash on inspecting malformed PKCS7
files.
ok jsing
| -rw-r--r-- | src/usr.bin/openssl/pkcs7.c | 14 |
1 files changed, 9 insertions, 5 deletions
diff --git a/src/usr.bin/openssl/pkcs7.c b/src/usr.bin/openssl/pkcs7.c index 4f0c529424..b0acf3fd98 100644 --- a/src/usr.bin/openssl/pkcs7.c +++ b/src/usr.bin/openssl/pkcs7.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: pkcs7.c,v 1.12 2022/11/11 17:07:39 joshua Exp $ */ | 1 | /* $OpenBSD: pkcs7.c,v 1.13 2023/02/08 07:59:24 tb Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -216,12 +216,16 @@ pkcs7_main(int argc, char **argv) | |||
| 216 | i = OBJ_obj2nid(p7->type); | 216 | i = OBJ_obj2nid(p7->type); |
| 217 | switch (i) { | 217 | switch (i) { |
| 218 | case NID_pkcs7_signed: | 218 | case NID_pkcs7_signed: |
| 219 | certs = p7->d.sign->cert; | 219 | if (p7->d.sign != NULL) { |
| 220 | crls = p7->d.sign->crl; | 220 | certs = p7->d.sign->cert; |
| 221 | crls = p7->d.sign->crl; | ||
| 222 | } | ||
| 221 | break; | 223 | break; |
| 222 | case NID_pkcs7_signedAndEnveloped: | 224 | case NID_pkcs7_signedAndEnveloped: |
| 223 | certs = p7->d.signed_and_enveloped->cert; | 225 | if (p7->d.signed_and_enveloped != NULL) { |
| 224 | crls = p7->d.signed_and_enveloped->crl; | 226 | certs = p7->d.signed_and_enveloped->cert; |
| 227 | crls = p7->d.signed_and_enveloped->crl; | ||
| 228 | } | ||
| 225 | break; | 229 | break; |
| 226 | default: | 230 | default: |
| 227 | break; | 231 | break; |