From: jsing Date: Thu, 11 Jun 2015 16:02:05 +0000 (+0000) Subject: Avoid an infinite loop that can occur when verifying a message with an X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=008bf30e034c8d8b735bd346a5bc1364982fb24d;p=openbsd Avoid an infinite loop that can occur when verifying a message with an unknown hash function OID. Diff based on OpenSSL. Fixes CVE-2015-1792 (however, this code is not enabled/built in LibreSSL). ok doug@ miod@
---
diff --git a/lib/libcrypto/cms/cms_smime.c b/lib/libcrypto/cms/cms_smime.c
index 712f08c32f7..030cf74d21d 100644
--- a/lib/libcrypto/cms/cms_smime.c
+++ b/lib/libcrypto/cms/cms_smime.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: cms_smime.c,v 1.12 2014/07/11 12:12:39 miod Exp $ */
+/* $OpenBSD: cms_smime.c,v 1.13 2015/06/11 16:02:05 jsing Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project.
 */
@@ -132,7 +132,7 @@ do_free_upto(BIO *f, BIO *upto)
 tbio = BIO_pop(f);
 BIO_free(f);
 f = tbio;
- } while (f != upto);
+ } while (f != NULL && f != upto);
 } else
 BIO_free_all(f);
 }
diff --git a/lib/libssl/src/crypto/cms/cms_smime.c b/lib/libssl/src/crypto/cms/cms_smime.c
index 712f08c32f7..030cf74d21d 100644
--- a/lib/libssl/src/crypto/cms/cms_smime.c
+++ b/lib/libssl/src/crypto/cms/cms_smime.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: cms_smime.c,v 1.12 2014/07/11 12:12:39 miod Exp $ */
+/* $OpenBSD: cms_smime.c,v 1.13 2015/06/11 16:02:05 jsing Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project.
 */
@@ -132,7 +132,7 @@ do_free_upto(BIO *f, BIO *upto)
 tbio = BIO_pop(f);
 BIO_free(f);
 f = tbio;
- } while (f != upto);
+ } while (f != NULL && f != upto);
 } else
 BIO_free_all(f);
 }
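Review bot: The added `f != NULL` test in the do_free_upto() hunk of lib/libcrypto/cms/cms_smime.c has no comment, so a later cleanup could mistake it for redundant and reintroduce the hang this commit fixes. I would add `/* BIO_pop() returns NULL at the end of the chain; stop there if upto was never reached (CVE-2015-1792). */` directly above the `} while` line. The loop can now end without ever meeting `upto`, and a void helper cannot report that, so it is worth confirming that callers do not assume `upto` was part of the freed chain; the callers are not visible here. The same comment applies to the identical hunk in lib/libssl/src/crypto/cms/cms_smime.c, and the body of do_free_upto() starts outside both hunks.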