Commit c394a488 authored by Dr. Stephen Henson's avatar Dr. Stephen Henson Committed by Matt Caswell
Browse files

Add PSS parameter check. 



Avoid seg fault by checking mgf1 parameter is not NULL. This can be
triggered during certificate verification so could be a DoS attack
against a client or a server enabling client authentication.

Thanks to Loïc Jonas Etienne (Qnective AG) for discovering this bug.

CVE-2015-3194

Reviewed-by: default avatarRichard Levitte <levitte@openssl.org>
parent d73cc256

crypto/rsa/rsa_ameth.c

+1 −1
Original line number Diff line number Diff line
@@ -268,7 +268,7 @@ static X509_ALGOR *rsa_mgf1_decode(X509_ALGOR *alg) 
{

    const unsigned char *p;

    int plen;

    if (alg == NULL)

    if (alg == NULL || alg->parameter == NULL)

        return NULL;

    if (OBJ_obj2nid(alg->algorithm) != NID_mgf1)

        return NULL;