diff options
| author |   miod <miod@openbsd.org> | 2014-05-06 20:17:16 +0000 |
|---|---|---|
| committer | miod <miod@openbsd.org> | 2014-05-06 20:17:16 +0000 |
| commit | 5b5e91aeae26b4c95cfce8aa9552cdb75cb7034a (patch) | |
| tree | f04f3671fbdde7f7054c9f76398aeb525140dc31 | |
| parent | Remove the ``addressable'' argument to search_string_def(). Turned out to be (diff) | |
| download | wireguard-openbsd-5b5e91aeae26b4c95cfce8aa9552cdb75cb7034a.tar.xz wireguard-openbsd-5b5e91aeae26b4c95cfce8aa9552cdb75cb7034a.zip | |
Make sure PKCS7_get_octet_string() return values are checked for NULL.
Reported by David Ramos (and simultaneously to OpenSSL as PR#3339).
ok beck@ logan@
| -rw-r--r-- | lib/libcrypto/pkcs7/pk7_doit.c | 12 | ||||
| -rw-r--r-- | lib/libssl/src/crypto/pkcs7/pk7_doit.c | 12 |
2 files changed, 20 insertions, 4 deletions
diff --git a/lib/libcrypto/pkcs7/pk7_doit.c b/lib/libcrypto/pkcs7/pk7_doit.c index 936226d736d..5aa4a914cf5 100644 --- a/lib/libcrypto/pkcs7/pk7_doit.c +++ b/lib/libcrypto/pkcs7/pk7_doit.c @@ -639,10 +639,10 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert) * EOF and encode the last few bytes */ BIO_set_mem_eof_return(bio,0); - if (data_body->length > 0) + if (data_body != NULL && data_body->length > 0) BIO_write(bio,(char *)data_body->data,data_body->length); #else - if (data_body->length > 0) + if (data_body != NULL && data_body->length > 0) bio = BIO_new_mem_buf(data_body->data,data_body->length); else { bio=BIO_new(BIO_s_mem()); @@ -788,6 +788,10 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio) case NID_pkcs7_signed: si_sk=p7->d.sign->signer_info; os=PKCS7_get_octet_string(p7->d.sign->contents); + if (os == NULL) { + PKCS7err(PKCS7_F_PKCS7_DATAFINAL, PKCS7_R_DECODE_ERROR); + goto err; + } /* If detached data then the content is excluded */ if(PKCS7_type_is_data(p7->d.sign->contents) && p7->detached) { M_ASN1_OCTET_STRING_free(os); @@ -797,6 +801,10 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio) case NID_pkcs7_digest: os=PKCS7_get_octet_string(p7->d.digest->contents); + if (os == NULL) { + PKCS7err(PKCS7_F_PKCS7_DATAFINAL, PKCS7_R_DECODE_ERROR); + goto err; + } /* If detached data then the content is excluded */ if(PKCS7_type_is_data(p7->d.digest->contents) && p7->detached) { diff --git a/lib/libssl/src/crypto/pkcs7/pk7_doit.c b/lib/libssl/src/crypto/pkcs7/pk7_doit.c index 936226d736d..5aa4a914cf5 100644 --- a/lib/libssl/src/crypto/pkcs7/pk7_doit.c +++ b/lib/libssl/src/crypto/pkcs7/pk7_doit.c @@ -639,10 +639,10 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert) * EOF and encode the last few bytes */ BIO_set_mem_eof_return(bio,0); - if (data_body->length > 0) + if (data_body != NULL && data_body->length > 0) BIO_write(bio,(char *)data_body->data,data_body->length); #else - if (data_body->length > 0) + if (data_body != NULL && data_body->length > 0) bio = BIO_new_mem_buf(data_body->data,data_body->length); else { bio=BIO_new(BIO_s_mem()); @@ -788,6 +788,10 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio) case NID_pkcs7_signed: si_sk=p7->d.sign->signer_info; os=PKCS7_get_octet_string(p7->d.sign->contents); + if (os == NULL) { + PKCS7err(PKCS7_F_PKCS7_DATAFINAL, PKCS7_R_DECODE_ERROR); + goto err; + } /* If detached data then the content is excluded */ if(PKCS7_type_is_data(p7->d.sign->contents) && p7->detached) { M_ASN1_OCTET_STRING_free(os); @@ -797,6 +801,10 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio) case NID_pkcs7_digest: os=PKCS7_get_octet_string(p7->d.digest->contents); + if (os == NULL) { + PKCS7err(PKCS7_F_PKCS7_DATAFINAL, PKCS7_R_DECODE_ERROR); + goto err; + } /* If detached data then the content is excluded */ if(PKCS7_type_is_data(p7->d.digest->contents) && p7->detached) { |