From 26fee542e65d530cdacb9282bf510602c1e2b5fd Mon Sep 17 00:00:00 2001 From: tb <> Date: Thu, 25 Jan 2024 13:44:08 +0000 Subject: Fix various NULL dereferences in PKCS #12 The PKCS #7 ContentInfo has a mandatory contentType, but the content itself is OPTIONAL. Various unpacking API assumed presence of the content type is enough to access members of the content, resulting in crashes. Reported by Bahaa Naamneh on libressl-security, many thanks ok jsing --- src/lib/libcrypto/pkcs12/p12_mutl.c | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) (limited to 'src/lib/libcrypto/pkcs12/p12_mutl.c') diff --git a/src/lib/libcrypto/pkcs12/p12_mutl.c b/src/lib/libcrypto/pkcs12/p12_mutl.c index f0e6df9eb6..c71ed735ea 100644 --- a/src/lib/libcrypto/pkcs12/p12_mutl.c +++ b/src/lib/libcrypto/pkcs12/p12_mutl.c @@ -1,4 +1,4 @@ -/* $OpenBSD: p12_mutl.c,v 1.35 2023/02/16 08:38:17 tb Exp $ */ +/* $OpenBSD: p12_mutl.c,v 1.36 2024/01/25 13:44:08 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ @@ -115,6 +115,7 @@ PKCS12_gen_mac(PKCS12 *p12, const char *pass, int passlen, { const EVP_MD *md_type; HMAC_CTX *hmac = NULL; + ASN1_OCTET_STRING *aos; unsigned char key[EVP_MAX_MD_SIZE], *salt; int saltlen, iter; int md_size; @@ -124,6 +125,10 @@ PKCS12_gen_mac(PKCS12 *p12, const char *pass, int passlen, PKCS12error(PKCS12_R_CONTENT_TYPE_NOT_DATA); goto err; } + if ((aos = PKCS7_get_octet_string(p12->authsafes)) == NULL) { + PKCS12error(PKCS12_R_DECODE_ERROR); + goto err; + } salt = p12->mac->salt->data; saltlen = p12->mac->salt->length; @@ -155,8 +160,7 @@ PKCS12_gen_mac(PKCS12 *p12, const char *pass, int passlen, goto err; if (!HMAC_Init_ex(hmac, key, md_size, md_type, NULL)) goto err; - if (!HMAC_Update(hmac, p12->authsafes->d.data->data, - p12->authsafes->d.data->length)) + if (!HMAC_Update(hmac, aos->data, aos->length)) goto err; if (!HMAC_Final(hmac, mac, maclen)) goto err; -- cgit v1.2.3-55-g6feb