From 008bf30e034c8d8b735bd346a5bc1364982fb24d Mon Sep 17 00:00:00 2001 From: jsing Date: Thu, 11 Jun 2015 16:02:05 +0000 Subject: [PATCH] Avoid an infinite loop that can occur when verifying a message with an unknown hash function OID. Diff based on OpenSSL. Fixes CVE-2015-1792 (however, this code is not enabled/built in LibreSSL). ok doug@ miod@ --- lib/libcrypto/cms/cms_smime.c | 4 ++-- lib/libssl/src/crypto/cms/cms_smime.c | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/lib/libcrypto/cms/cms_smime.c b/lib/libcrypto/cms/cms_smime.c index 712f08c32f7..030cf74d21d 100644 --- a/lib/libcrypto/cms/cms_smime.c +++ b/lib/libcrypto/cms/cms_smime.c @@ -1,4 +1,4 @@ -/* $OpenBSD: cms_smime.c,v 1.12 2014/07/11 12:12:39 miod Exp $ */ +/* $OpenBSD: cms_smime.c,v 1.13 2015/06/11 16:02:05 jsing Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project. */ @@ -132,7 +132,7 @@ do_free_upto(BIO *f, BIO *upto) tbio = BIO_pop(f); BIO_free(f); f = tbio; - } while (f != upto); + } while (f != NULL && f != upto); } else BIO_free_all(f); } diff --git a/lib/libssl/src/crypto/cms/cms_smime.c b/lib/libssl/src/crypto/cms/cms_smime.c index 712f08c32f7..030cf74d21d 100644 --- a/lib/libssl/src/crypto/cms/cms_smime.c +++ b/lib/libssl/src/crypto/cms/cms_smime.c @@ -1,4 +1,4 @@ -/* $OpenBSD: cms_smime.c,v 1.12 2014/07/11 12:12:39 miod Exp $ */ +/* $OpenBSD: cms_smime.c,v 1.13 2015/06/11 16:02:05 jsing Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project. */ @@ -132,7 +132,7 @@ do_free_upto(BIO *f, BIO *upto) tbio = BIO_pop(f); BIO_free(f); f = tbio; - } while (f != upto); + } while (f != NULL && f != upto); } else BIO_free_all(f); } -- 2.20.1