From 5b5e91aeae26b4c95cfce8aa9552cdb75cb7034a Mon Sep 17 00:00:00 2001 From: miod Date: Tue, 6 May 2014 20:17:16 +0000 Subject: [PATCH] Make sure PKCS7_get_octet_string() return values are checked for NULL. Reported by David Ramos (and simultaneously to OpenSSL as PR#3339). ok beck@ logan@ --- lib/libcrypto/pkcs7/pk7_doit.c | 12 ++++++++++-- lib/libssl/src/crypto/pkcs7/pk7_doit.c | 12 ++++++++++-- 2 files changed, 20 insertions(+), 4 deletions(-) diff --git a/lib/libcrypto/pkcs7/pk7_doit.c b/lib/libcrypto/pkcs7/pk7_doit.c index 936226d736d..5aa4a914cf5 100644 --- a/lib/libcrypto/pkcs7/pk7_doit.c +++ b/lib/libcrypto/pkcs7/pk7_doit.c @@ -639,10 +639,10 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert) * EOF and encode the last few bytes */ BIO_set_mem_eof_return(bio,0); - if (data_body->length > 0) + if (data_body != NULL && data_body->length > 0) BIO_write(bio,(char *)data_body->data,data_body->length); #else - if (data_body->length > 0) + if (data_body != NULL && data_body->length > 0) bio = BIO_new_mem_buf(data_body->data,data_body->length); else { bio=BIO_new(BIO_s_mem()); @@ -788,6 +788,10 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio) case NID_pkcs7_signed: si_sk=p7->d.sign->signer_info; os=PKCS7_get_octet_string(p7->d.sign->contents); + if (os == NULL) { + PKCS7err(PKCS7_F_PKCS7_DATAFINAL, PKCS7_R_DECODE_ERROR); + goto err; + } /* If detached data then the content is excluded */ if(PKCS7_type_is_data(p7->d.sign->contents) && p7->detached) { M_ASN1_OCTET_STRING_free(os); @@ -797,6 +801,10 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio) case NID_pkcs7_digest: os=PKCS7_get_octet_string(p7->d.digest->contents); + if (os == NULL) { + PKCS7err(PKCS7_F_PKCS7_DATAFINAL, PKCS7_R_DECODE_ERROR); + goto err; + } /* If detached data then the content is excluded */ if(PKCS7_type_is_data(p7->d.digest->contents) && p7->detached) { diff --git a/lib/libssl/src/crypto/pkcs7/pk7_doit.c b/lib/libssl/src/crypto/pkcs7/pk7_doit.c index 936226d736d..5aa4a914cf5 100644 --- a/lib/libssl/src/crypto/pkcs7/pk7_doit.c +++ b/lib/libssl/src/crypto/pkcs7/pk7_doit.c @@ -639,10 +639,10 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert) * EOF and encode the last few bytes */ BIO_set_mem_eof_return(bio,0); - if (data_body->length > 0) + if (data_body != NULL && data_body->length > 0) BIO_write(bio,(char *)data_body->data,data_body->length); #else - if (data_body->length > 0) + if (data_body != NULL && data_body->length > 0) bio = BIO_new_mem_buf(data_body->data,data_body->length); else { bio=BIO_new(BIO_s_mem()); @@ -788,6 +788,10 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio) case NID_pkcs7_signed: si_sk=p7->d.sign->signer_info; os=PKCS7_get_octet_string(p7->d.sign->contents); + if (os == NULL) { + PKCS7err(PKCS7_F_PKCS7_DATAFINAL, PKCS7_R_DECODE_ERROR); + goto err; + } /* If detached data then the content is excluded */ if(PKCS7_type_is_data(p7->d.sign->contents) && p7->detached) { M_ASN1_OCTET_STRING_free(os); @@ -797,6 +801,10 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio) case NID_pkcs7_digest: os=PKCS7_get_octet_string(p7->d.digest->contents); + if (os == NULL) { + PKCS7err(PKCS7_F_PKCS7_DATAFINAL, PKCS7_R_DECODE_ERROR); + goto err; + } /* If detached data then the content is excluded */ if(PKCS7_type_is_data(p7->d.digest->contents) && p7->detached) { -- 2.20.1