evp: prevent underflow in base64 decoding

[openssl.git] / crypto / cms / cms_ess.c

diff --git a/crypto/cms/cms_ess.c b/crypto/cms/cms_ess.c
index b2ff4fc59534849899e6566267f084048448e24e..90c0b82fb56813a8e7b3b5a71dfae2d677545c77 100644 (file)
--- a/crypto/cms/cms_ess.c
+++ b/crypto/cms/cms_ess.c
@@ -59,7 +59,6 @@
 #include <openssl/err.h>
 #include <openssl/cms.h>
 #include "cms_lcl.h"
-#include "asn1_locl.h"
 
 DECLARE_ASN1_ITEM(CMS_ReceiptRequest)
 DECLARE_ASN1_ITEM(CMS_Receipt)
@@ -233,7 +232,7 @@ int cms_Receipt_verify(CMS_ContentInfo *cms, CMS_ContentInfo *req_cms)
        CMS_ReceiptRequest *rr = NULL;
        CMS_Receipt *rct = NULL;
        STACK_OF(CMS_SignerInfo) *sis, *osis;
-       CMS_SignerInfo *si, *osi;
+       CMS_SignerInfo *si, *osi = NULL;
        ASN1_OCTET_STRING *msig, **pcont;
        ASN1_OBJECT *octype;
        unsigned char dig[EVP_MAX_MD_SIZE];
@@ -345,7 +344,7 @@ int cms_Receipt_verify(CMS_ContentInfo *cms, CMS_ContentInfo *req_cms)
 
        /* Get original receipt request details */
 
-       if (!CMS_get1_ReceiptRequest(osi, &rr))
+       if (CMS_get1_ReceiptRequest(osi, &rr) <= 0)
                {
                CMSerr(CMS_F_CMS_RECEIPT_VERIFY, CMS_R_NO_RECEIPT_REQUEST);
                goto err;
@@ -386,7 +385,7 @@ ASN1_OCTET_STRING *cms_encode_Receipt(CMS_SignerInfo *si)
 
        /* Get original receipt request details */
 
-       if (!CMS_get1_ReceiptRequest(si, &rr))
+       if (CMS_get1_ReceiptRequest(si, &rr) <= 0)
                {
                CMSerr(CMS_F_CMS_ENCODE_RECEIPT, CMS_R_NO_RECEIPT_REQUEST);
                goto err;