From 58ffc3d7f449145543729f67d0f11126fc84fa30 Mon Sep 17 00:00:00 2001 From: tb Date: Tue, 30 May 2023 11:09:08 +0000 Subject: [PATCH] Use error check to ensure we have SignedData in CMS CMS_get0_SignerInfos() only returns a non-NULL pointer if the CMS object contains SignedData. The subsequent assert can trigger if we parse an object that is not of this type. Nothing ensures this up to this point, so we have no way of knowing that the assertion is actually true. If we get a CMS object without SignedData, we should ignore it, not abort the rpki-client run. With this check in place it is also clear that we actually check point 1a of the list of things to check in RFC 6488, section 3. ok claudio job --- usr.sbin/rpki-client/cms.c | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) diff --git a/usr.sbin/rpki-client/cms.c b/usr.sbin/rpki-client/cms.c index 681a9c81d20..eb8a2016596 100644 --- a/usr.sbin/rpki-client/cms.c +++ b/usr.sbin/rpki-client/cms.c @@ -1,4 +1,4 @@ -/* $OpenBSD: cms.c,v 1.33 2023/03/13 19:46:55 job Exp $ */ +/* $OpenBSD: cms.c,v 1.34 2023/05/30 11:09:08 tb Exp $ */ /* * Copyright (c) 2019 Kristaps Dzonsons * @@ -144,8 +144,17 @@ cms_parse_validate_internal(X509 **xp, const char *fn, const unsigned char *der, /* RFC 6488 section 3 verify the CMS */ /* the version of SignedData and SignerInfos can't be verified */ - sinfos = CMS_get0_SignerInfos(cms); - assert(sinfos != NULL); + /* Should only return NULL if cms is not of type SignedData. */ + if ((sinfos = CMS_get0_SignerInfos(cms)) == NULL) { + if ((obj = CMS_get0_type(cms)) == NULL) { + warnx("%s: RFC 6488: missing content-type", fn); + goto out; + } + OBJ_obj2txt(buf, sizeof(buf), obj, 1); + warnx("%s: RFC 6488: no signerInfo in CMS object of type %s", + fn, buf); + goto out; + } if (sk_CMS_SignerInfo_num(sinfos) != 1) { cryptowarnx("%s: RFC 6488: CMS has multiple signerInfos", fn); goto out; -- 2.20.1