| author | tb <> | 2024-01-25 13:44:08 +0000 |
|---|---|---|
| committer | tb <> | 2024-01-25 13:44:08 +0000 |
| commit | 26fee542e65d530cdacb9282bf510602c1e2b5fd (patch) | |
| tree | 9d0ddeedac76c50676cebd46c11f193ae4afaa82 /src/lib/libcrypto/pkcs7 | |
| parent | 7b054f5ebd9c9a69573a9698ba3ef9e1a6677d0a (diff) | |
Fix various NULL dereferences in PKCS #12
The PKCS #7 ContentInfo has a mandatory contentType, but the content itself
is OPTIONAL. Various unpacking API assumed presence of the content type is
enough to access members of the content, resulting in crashes.
Reported by Bahaa Naamneh on libressl-security, many thanks
ok jsing
Diffstat (limited to 'src/lib/libcrypto/pkcs7')
| -rw-r--r-- | src/lib/libcrypto/pkcs7/pk7_doit.c | 4 | ||||
| -rw-r--r-- | src/lib/libcrypto/pkcs7/pk7_mime.c | 7 |
2 files changed, 7 insertions, 4 deletions
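--- a/src/lib/libcrypto/pkcs7/pk7_doit.c
+++ b/src/lib/libcrypto/pkcs7/pk7_doit.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pk7_doit.c,v 1.54 2023/11/15 00:55:43 tb Exp $ */
+/* $OpenBSD: pk7_doit.c,v 1.55 2024/01/25 13:44:08 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -92,7 +92,7 @@ PKCS7_type_is_other(PKCS7* p7)
 
 }
 
-static ASN1_OCTET_STRING *
+ASN1_OCTET_STRING *
 PKCS7_get_octet_string(PKCS7 *p7)
 {
 if (PKCS7_type_is_data(p7))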
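Review bot: Dropping `static` at new line 95 gives PKCS7_get_octet_string external linkage, but nothing in this section states its contract for the callers that can now reach it. The commit message says the content is OPTIONAL, so a comment above the definition such as `/* May return NULL when the content is absent; callers must check before dereferencing. */` would help new callers avoid repeating the bug being fixed; confirm the wording against the body, which continues past the end of the hunk. The prototype is presumably added in a header outside this diffstat, and it is worth checking that it lives in an internal header rather than the public pkcs7.h so the symbol does not become part of the exported API by accident.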
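--- a/src/lib/libcrypto/pkcs7/pk7_mime.c
+++ b/src/lib/libcrypto/pkcs7/pk7_mime.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pk7_mime.c,v 1.19 2023/05/02 09:56:12 tb Exp $ */
+/* $OpenBSD: pk7_mime.c,v 1.20 2024/01/25 13:44:08 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project.
 */
@@ -89,8 +89,11 @@ SMIME_write_PKCS7(BIO *bio, PKCS7 *p7, BIO *data, int flags)
 STACK_OF(X509_ALGOR) *mdalgs = NULL;
 int ctype_nid;
 
-if ((ctype_nid = OBJ_obj2nid(p7->type)) == NID_pkcs7_signed)
+if ((ctype_nid = OBJ_obj2nid(p7->type)) == NID_pkcs7_signed) {
+if (p7->d.sign == NULL)
+return 0;
 mdalgs = p7->d.sign->md_algs;
+}
 
 flags ^= SMIME_OLDMIME;
 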
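Review bot: The new early return at lines 93-94 fails without putting anything on the error queue, so a caller of SMIME_write_PKCS7 that is handed a signed ContentInfo with no content gets 0 back with no reason attached. Consider adding `PKCS7error(PKCS7_R_NO_CONTENT);` before `return 0;`, with braces around the two statements, assuming the PKCS7 error macros are in scope in pk7_mime.c. The rest of the function lies outside the hunk, so whether other `p7->d` members are read further down cannot be checked from here.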
