From 8682251898e9d78e4b4fb68e97615ae3edc97fc4 Mon Sep 17 00:00:00 2001
From: tb <>
Date: Wed, 8 Feb 2023 07:59:24 +0000
Subject: openssl(1) pkcs7 avoid crash on malformed files

When printing certificates or CRLs, check signed and signedAndEnveloped
before dereferencing them. Prevents crash on inspecting malformed PKCS7
files.

ok jsing
---
 src/usr.bin/openssl/pkcs7.c | 14 +++++++++-----
 1 file changed, 9 insertions(+), 5 deletions(-)

(limited to 'src')

diff --git a/src/usr.bin/openssl/pkcs7.c b/src/usr.bin/openssl/pkcs7.c
index 4f0c529424..b0acf3fd98 100644
--- a/src/usr.bin/openssl/pkcs7.c
+++ b/src/usr.bin/openssl/pkcs7.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pkcs7.c,v 1.12 2022/11/11 17:07:39 joshua Exp $ */
+/* $OpenBSD: pkcs7.c,v 1.13 2023/02/08 07:59:24 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -216,12 +216,16 @@ pkcs7_main(int argc, char **argv)
 		i = OBJ_obj2nid(p7->type);
 		switch (i) {
 		case NID_pkcs7_signed:
-			certs = p7->d.sign->cert;
-			crls = p7->d.sign->crl;
+			if (p7->d.sign != NULL) {
+				certs = p7->d.sign->cert;
+				crls = p7->d.sign->crl;
+			}
 			break;
 		case NID_pkcs7_signedAndEnveloped:
-			certs = p7->d.signed_and_enveloped->cert;
-			crls = p7->d.signed_and_enveloped->crl;
+			if (p7->d.signed_and_enveloped != NULL) {
+				certs = p7->d.signed_and_enveloped->cert;
+				crls = p7->d.signed_and_enveloped->crl;
+			}
 			break;
 		default:
 			break;
-- 
cgit v1.2.3-55-g6feb