Skip to content
Commit c0334c2c authored by Emilia Kasper's avatar Emilia Kasper Committed by Matt Caswell
Browse files

PKCS#7: avoid NULL pointer dereferences with missing content



In PKCS#7, the ASN.1 content component is optional.
This typically applies to inner content (detached signatures),
however we must also handle unexpected missing outer content
correctly.

This patch only addresses functions reachable from parsing,
decryption and verification, and functions otherwise associated
with reading potentially untrusted data.

Correcting all low-level API calls requires further work.

CVE-2015-0289

Thanks to Michal Zalewski (Google) for reporting this issue.

Reviewed-by: default avatarSteve Henson <steve@openssl.org>
parent c3c7fb07
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment