Fixed NULL pointer dereference in PKCS7_dataDecode reported by David Ramos in PR...
authorMatt Caswell <matt@openssl.org>
Wed, 7 May 2014 22:21:02 +0000 (23:21 +0100)
committerMatt Caswell <matt@openssl.org>
Wed, 7 May 2014 22:21:02 +0000 (23:21 +0100)
crypto/pkcs7/pk7_doit.c
crypto/pkcs7/pkcs7.h
crypto/pkcs7/pkcs7err.c

index a0559b1..0dd22ec 100644 (file)
@@ -440,6 +440,11 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert)
                {
        case NID_pkcs7_signed:
                data_body=PKCS7_get_octet_string(p7->d.sign->contents);
+               if (!PKCS7_is_detached(p7) && data_body == NULL)
+                       {
+                       PKCS7err(PKCS7_F_PKCS7_DATADECODE,PKCS7_R_INVALID_SIGNED_DATA_TYPE);
+                       goto err;
+                       }
                md_sk=p7->d.sign->md_algs;
                break;
        case NID_pkcs7_signedAndEnveloped:
index 267a646..44f1758 100644 (file)
@@ -456,6 +456,7 @@ void ERR_load_PKCS7_strings(void);
 #define PKCS7_R_ERROR_SETTING_CIPHER                    121
 #define PKCS7_R_INVALID_MIME_TYPE                       131
 #define PKCS7_R_INVALID_NULL_POINTER                    143
+#define PKCS7_R_INVALID_SIGNED_DATA_TYPE                155
 #define PKCS7_R_MIME_NO_CONTENT_TYPE                    132
 #define PKCS7_R_MIME_PARSE_ERROR                        133
 #define PKCS7_R_MIME_SIG_PARSE_ERROR                    134
index d0af32a..f3db08e 100644 (file)
@@ -1,6 +1,6 @@
 /* crypto/pkcs7/pkcs7err.c */
 /* ====================================================================
- * Copyright (c) 1999-2007 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1999-2014 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -130,6 +130,7 @@ static ERR_STRING_DATA PKCS7_str_reasons[]=
 {ERR_REASON(PKCS7_R_ERROR_SETTING_CIPHER),"error setting cipher"},
 {ERR_REASON(PKCS7_R_INVALID_MIME_TYPE)   ,"invalid mime type"},
 {ERR_REASON(PKCS7_R_INVALID_NULL_POINTER),"invalid null pointer"},
+{ERR_REASON(PKCS7_R_INVALID_SIGNED_DATA_TYPE),"invalid signed data type"},
 {ERR_REASON(PKCS7_R_MIME_NO_CONTENT_TYPE),"mime no content type"},
 {ERR_REASON(PKCS7_R_MIME_PARSE_ERROR)    ,"mime parse error"},
 {ERR_REASON(PKCS7_R_MIME_SIG_PARSE_ERROR),"mime sig parse error"},