[go: nahoru, domu]
Skip to content

Commit

Permalink
Do not dereference PKCS7 object data if not set
Browse files Browse the repository at this point in the history 
Fixes CVE-2023-0216

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
  • Loading branch information
@t8m
t8m committed Feb 3, 2023
1 parent f596ec8 commit 934a04f
Showing 1 changed file with 12 additions and 4 deletions.
16 changes: 12 additions & 4 deletions crypto/pkcs7/pk7_lib.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -414,6 +414,8 @@ PKCS7_SIGNER_INFO *PKCS7_add_signature(PKCS7 *p7, X509 *x509, EVP_PKEY *pkey,

static STACK_OF(X509) *pkcs7_get_signer_certs(const PKCS7 *p7)
{
if (p7->d.ptr == NULL)
return NULL;
if (PKCS7_type_is_signed(p7))
return p7->d.sign->cert;
if (PKCS7_type_is_signedAndEnveloped(p7))
Expand All @@ -423,6 +425,8 @@ static STACK_OF(X509) *pkcs7_get_signer_certs(const PKCS7 *p7)

static STACK_OF(PKCS7_RECIP_INFO) *pkcs7_get_recipient_info(const PKCS7 *p7)
{
if (p7->d.ptr == NULL)
return NULL;
if (PKCS7_type_is_signedAndEnveloped(p7))
return p7->d.signed_and_enveloped->recipientinfo;
if (PKCS7_type_is_enveloped(p7))
Expand All @@ -440,13 +444,17 @@ void ossl_pkcs7_resolve_libctx(PKCS7 *p7)
const PKCS7_CTX *ctx = ossl_pkcs7_get0_ctx(p7);
OSSL_LIB_CTX *libctx = ossl_pkcs7_ctx_get0_libctx(ctx);
const char *propq = ossl_pkcs7_ctx_get0_propq(ctx);
STACK_OF(PKCS7_RECIP_INFO) *rinfos = pkcs7_get_recipient_info(p7);
STACK_OF(PKCS7_SIGNER_INFO) *sinfos = PKCS7_get_signer_info(p7);
STACK_OF(X509) *certs = pkcs7_get_signer_certs(p7);
STACK_OF(PKCS7_RECIP_INFO) *rinfos;
STACK_OF(PKCS7_SIGNER_INFO) *sinfos;
STACK_OF(X509) *certs;

if (ctx == NULL)
if (ctx == NULL || p7->d.ptr == NULL)
return;

rinfos = pkcs7_get_recipient_info(p7);
sinfos = PKCS7_get_signer_info(p7);
certs = pkcs7_get_signer_certs(p7);

for (i = 0; i < sk_X509_num(certs); i++)
ossl_x509_set0_libctx(sk_X509_value(certs, i), libctx, propq);

Expand Down

0 comments on commit 934a04f

Please sign in to comment.