ASN1_verify, ASN1_item_verify: cleanse and free buf_in on error path

[openssl.git] / crypto / pkcs7 / pk7_doit.c

diff --git a/crypto/pkcs7/pk7_doit.c b/crypto/pkcs7/pk7_doit.c
index 77fda3b82a07692ee85158d4f7cfc88b44bd5d10..0dd22ec5754478b3929bed99f1c309d80790b565 100644 (file)
--- a/crypto/pkcs7/pk7_doit.c
+++ b/crypto/pkcs7/pk7_doit.c
@@ -440,6 +440,11 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert)
                {
        case NID_pkcs7_signed:
                data_body=PKCS7_get_octet_string(p7->d.sign->contents);
+               if (!PKCS7_is_detached(p7) && data_body == NULL)
+                       {
+                       PKCS7err(PKCS7_F_PKCS7_DATADECODE,PKCS7_R_INVALID_SIGNED_DATA_TYPE);
+                       goto err;
+                       }
                md_sk=p7->d.sign->md_algs;
                break;
        case NID_pkcs7_signedAndEnveloped:
@@ -544,7 +549,7 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert)
                if (pcert == NULL)
                        {
                        /* Always attempt to decrypt all rinfo even
-                        * after sucess as a defence against MMA timing
+                        * after success as a defence against MMA timing
                         * attacks.
                         */
                        for (i=0; i<sk_PKCS7_RECIP_INFO_num(rsk); i++)
@@ -928,6 +933,7 @@ int PKCS7_SIGNER_INFO_sign(PKCS7_SIGNER_INFO *si)
        if (EVP_DigestSignUpdate(&mctx,abuf,alen) <= 0)
                goto err;
        OPENSSL_free(abuf);
+       abuf = NULL;
        if (EVP_DigestSignFinal(&mctx, NULL, &siglen) <= 0)
                goto err;
        abuf = OPENSSL_malloc(siglen);