From aa5715c96c457686015e476e775057a0acd5b072 Mon Sep 17 00:00:00 2001
From: tb
Date: Thu, 9 Mar 2023 18:20:10 +0000
Subject: [PATCH] Add missing error checking in PKCS7

Check the return value of BIO_set_md(). Prompted by OpenSSL's fix for CVE-2023-0401 (the crash in that bug is an OpenSSL 3-only problem due to provider design).

ok beck jsing
---
 lib/libcrypto/pkcs7/pk7_doit.c | 14 +++++++++++---
 1 file changed, 11 insertions(+), 3 deletions(-)

diff --git a/lib/libcrypto/pkcs7/pk7_doit.c b/lib/libcrypto/pkcs7/pk7_doit.c
index 1fcc37a983f..d5edaedbd04 100644
--- a/lib/libcrypto/pkcs7/pk7_doit.c
+++ b/lib/libcrypto/pkcs7/pk7_doit.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pk7_doit.c,v 1.51 2023/02/16 08:38:17 tb Exp $ */
+/* $OpenBSD: pk7_doit.c,v 1.52 2023/03/09 18:20:10 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -112,6 +112,7 @@ PKCS7_bio_add_digest(BIO **pbio, X509_ALGOR *alg)
 {
 BIO *btmp;
 const EVP_MD *md;
+
 if ((btmp = BIO_new(BIO_f_md())) == NULL) {
 PKCS7error(ERR_R_BIO_LIB);
 goto err;
@@ -123,7 +124,11 @@ PKCS7_bio_add_digest(BIO **pbio, X509_ALGOR *alg)
 goto err;
 }

- BIO_set_md(btmp, md);
+ if (BIO_set_md(btmp, md) <= 0) {
+ PKCS7error(ERR_R_BIO_LIB);
+ goto err;
+ }
+
 if (*pbio == NULL)
 *pbio = btmp;
 else if (!BIO_push(*pbio, btmp)) {
@@ -497,7 +502,10 @@ PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert)
 goto err;
 }

- BIO_set_md(btmp, evp_md);
+ if (BIO_set_md(btmp, evp_md) <= 0) {
+ PKCS7error(ERR_R_BIO_LIB);
+ goto err;
+ }
 if (out == NULL)
 out = btmp;
 else
-- 
2.20.1
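Review bot: The new `goto err` in PKCS7_bio_add_digest is taken while `btmp` is allocated but not yet linked into `*pbio`, so only the `err:` label can release it, and that label lies outside the hunk; confirm it frees `btmp`, otherwise each digest-setup failure leaks a BIO. The same question applies to the identical check added in PKCS7_dataDecode in the last hunk, where `out` may additionally hold a partly built chain. The `<= 0` comparison also deserves a one-line comment so it is not later reduced to `!BIO_set_md(...)`, for example `/* BIO_set_md() goes through BIO_ctrl(); 0 and negative both mean failure. */`. The function body continues outside the hunk.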
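Review bot: The step right after the new check in PKCS7_dataDecode, `if (out == NULL) out = btmp; else`, is cut off by the hunk, while the matching step in PKCS7_bio_add_digest is visibly checked (`else if (!BIO_push(*pbio, btmp))`). If the `else` branch here turns out to be a bare `BIO_push(out, btmp);`, consider `else if (!BIO_push(out, btmp)) {` with the same error exit, so both digest chains are built under one rule; if BIO_push() cannot fail with a non-NULL first argument, a comment saying so would be enough. As a minor style point, the PKCS7_bio_add_digest hunk leaves a blank line after the closing `}` of the new check and this one does not.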