Avoid an infinite loop that can occur when verifying a message with an

unknown hash function OID.

Diff based on OpenSSL.

Fixes CVE-2015-1792 (however, this code is not enabled/built in LibreSSL).

ok doug@ miod@

diff --git a/lib/libcrypto/cms/cms_smime.c b/lib/libcrypto/cms/cms_smime.c
index 712f08c..030cf74 100644 (file)
--- a/lib/libcrypto/cms/cms_smime.c
+++ b/lib/libcrypto/cms/cms_smime.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: cms_smime.c,v 1.12 2014/07/11 12:12:39 miod Exp $ */
+/* $OpenBSD: cms_smime.c,v 1.13 2015/06/11 16:02:05 jsing Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project.
  */
@@ -132,7 +132,7 @@ do_free_upto(BIO *f, BIO *upto)
                        tbio = BIO_pop(f);
                        BIO_free(f);
                        f = tbio;
-               } while (f != upto);
+               } while (f != NULL && f != upto);
        } else
                BIO_free_all(f);
 }

diff --git a/lib/libssl/src/crypto/cms/cms_smime.c b/lib/libssl/src/crypto/cms/cms_smime.c
index 712f08c..030cf74 100644 (file)
--- a/lib/libssl/src/crypto/cms/cms_smime.c
+++ b/lib/libssl/src/crypto/cms/cms_smime.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: cms_smime.c,v 1.12 2014/07/11 12:12:39 miod Exp $ */
+/* $OpenBSD: cms_smime.c,v 1.13 2015/06/11 16:02:05 jsing Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project.
  */
@@ -132,7 +132,7 @@ do_free_upto(BIO *f, BIO *upto)
                        tbio = BIO_pop(f);
                        BIO_free(f);
                        f = tbio;
-               } while (f != upto);
+               } while (f != NULL && f != upto);
        } else
                BIO_free_all(f);
 }