Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12-SP2:GA
openssl.690
openssl-CVE-2015-1790.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File openssl-CVE-2015-1790.patch of Package openssl.690
commit 59302b600e8d5b77ef144e447bb046fd7ab72686 Author: Emilia Kasper <emilia@openssl.org> Date: Tue May 12 19:00:30 2015 +0200 PKCS#7: Fix NULL dereference with missing EncryptedContent. CVE-2015-1790 Reviewed-by: Rich Salz <rsalz@openssl.org> Index: openssl-1.0.1i/crypto/pkcs7/pk7_doit.c =================================================================== --- openssl-1.0.1i.orig/crypto/pkcs7/pk7_doit.c 2015-06-12 12:40:53.809587792 +0200 +++ openssl-1.0.1i/crypto/pkcs7/pk7_doit.c 2015-06-12 12:40:53.838588132 +0200 @@ -468,6 +468,12 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKE switch (i) { case NID_pkcs7_signed: + /* + * p7->d.sign->contents is a PKCS7 structure consisting of a contentType + * field and optional content. + * data_body is NULL if that structure has no (=detached) content + * or if the contentType is wrong (i.e., not "data"). + */ data_body=PKCS7_get_octet_string(p7->d.sign->contents); if (!PKCS7_is_detached(p7) && data_body == NULL) { @@ -479,6 +485,7 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKE case NID_pkcs7_signedAndEnveloped: rsk=p7->d.signed_and_enveloped->recipientinfo; md_sk=p7->d.signed_and_enveloped->md_algs; + /* data_body is NULL if the optional EncryptedContent is missing. */ data_body=p7->d.signed_and_enveloped->enc_data->enc_data; enc_alg=p7->d.signed_and_enveloped->enc_data->algorithm; evp_cipher=EVP_get_cipherbyobj(enc_alg->algorithm); @@ -504,6 +511,12 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKE goto err; } + /* Detached content must be supplied via in_bio instead. */ + if (data_body == NULL && in_bio == NULL) { + PKCS7err(PKCS7_F_PKCS7_DATADECODE, PKCS7_R_NO_CONTENT); + goto err; + } + /* We will be checking the signature */ if (md_sk != NULL) { @@ -660,8 +673,7 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKE } #if 1 - if (PKCS7_is_detached(p7) || (in_bio != NULL)) - { + if (in_bio != NULL) { bio=in_bio; } else
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor