Commit 92f9a8bf authored by Dr. Stephen Henson's avatar Dr. Stephen Henson
Browse files

Fix infinite loop in CMS 



Fix loop in do_free_upto if cmsbio is NULL: this will happen when attempting
to verify and a digest is not recognised. Reported by Johannes Bauer.

CVE-2015-1792

Reviewed-by: default avatarMatt Caswell <matt@openssl.org>
parent 39bcfb12

crypto/cms/cms_smime.c

+1 −1
Original line number Diff line number Diff line
@@ -131,7 +131,7 @@ static void do_free_upto(BIO *f, BIO *upto) 
            BIO_free(f);

            f = tbio;

        }

        while (f != upto);

        while (f && f != upto);

    } else

        BIO_free_all(f);

}