diff options
| author | tb <> | 2024-01-25 13:44:08 +0000 |
|---|---|---|
| committer | tb <> | 2024-01-25 13:44:08 +0000 |
| commit | 0c15b6210877e84c0a155c41b8c76f1a978d3378 (patch) | |
| tree | 9d0ddeedac76c50676cebd46c11f193ae4afaa82 /src/lib/libcrypto/pkcs7/pk7_doit.c | |
| parent | 054892485301bc4fb700ac9a0ce8338b47f40acf (diff) | |
| download | openbsd-0c15b6210877e84c0a155c41b8c76f1a978d3378.tar.gz openbsd-0c15b6210877e84c0a155c41b8c76f1a978d3378.tar.bz2 openbsd-0c15b6210877e84c0a155c41b8c76f1a978d3378.zip | |
Fix various NULL dereferences in PKCS #12
The PKCS #7 ContentInfo has a mandatory contentType, but the content itself
is OPTIONAL. Various unpacking API assumed presence of the content type is
enough to access members of the content, resulting in crashes.
Reported by Bahaa Naamneh on libressl-security, many thanks
ok jsing
Diffstat (limited to 'src/lib/libcrypto/pkcs7/pk7_doit.c')
| -rw-r--r-- | src/lib/libcrypto/pkcs7/pk7_doit.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/src/lib/libcrypto/pkcs7/pk7_doit.c b/src/lib/libcrypto/pkcs7/pk7_doit.c index 759d9dd5a5..ce0e99eec1 100644 --- a/src/lib/libcrypto/pkcs7/pk7_doit.c +++ b/src/lib/libcrypto/pkcs7/pk7_doit.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: pk7_doit.c,v 1.54 2023/11/15 00:55:43 tb Exp $ */ | 1 | /* $OpenBSD: pk7_doit.c,v 1.55 2024/01/25 13:44:08 tb Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -92,7 +92,7 @@ PKCS7_type_is_other(PKCS7* p7) | |||
| 92 | 92 | ||
| 93 | } | 93 | } |
| 94 | 94 | ||
| 95 | static ASN1_OCTET_STRING * | 95 | ASN1_OCTET_STRING * |
| 96 | PKCS7_get_octet_string(PKCS7 *p7) | 96 | PKCS7_get_octet_string(PKCS7 *p7) |
| 97 | { | 97 | { |
| 98 | if (PKCS7_type_is_data(p7)) | 98 | if (PKCS7_type_is_data(p7)) |