From aa5ab40860deb3dc6d4d4c98a4efea99f7040a46 Mon Sep 17 00:00:00 2001
From: "Dr. Stephen Henson" <steve@openssl.org>
Date: Fri, 5 Jun 2015 12:11:25 +0100
Subject: [PATCH] Fix infinite loop in CMS

Fix loop in do_free_upto if cmsbio is NULL: this will happen when attempting
to verify and a digest is not recognised. Reported by Johannes Bauer.

CVE-2015-1792

Reviewed-by: Matt Caswell <matt@openssl.org>
---
 crypto/cms/cms_smime.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/crypto/cms/cms_smime.c b/crypto/cms/cms_smime.c
index 8729e3f9c0..b39ed48998 100644
--- a/crypto/cms/cms_smime.c
+++ b/crypto/cms/cms_smime.c
@@ -132,7 +132,7 @@ static void do_free_upto(BIO *f, BIO *upto)
             BIO_free(f);
             f = tbio;
         }
-        while (f != upto);
+        while (f && f != upto);
     } else
         BIO_free_all(f);
 }
-- 
2.34.1