List: openssl-cvs
Subject: cvs commit: openssl/crypto/pkcs7 pk7_doit.c pk7_smime.c
From: steve () openssl ! org
Date: 2001-02-24 1:46:48
steve 24-Feb-2001 02:46:48
Modified: . Tag: OpenSSL_0_9_6-stable CHANGES
crypto/pkcs7 Tag: OpenSSL_0_9_6-stable pk7_doit.c
pk7_smime.c
Log:
Stop PKCS7_verify() core dumping with unknown public
key algorithms and leaking if the signature verify
fails.
Revision Changes Path
No revision
No revision
1.618.2.41 +5 -0 openssl/CHANGES
Index: CHANGES
===================================================================
RCS file: /e/openssl/cvs/openssl/CHANGES,v
retrieving revision 1.618.2.40
retrieving revision 1.618.2.41
diff -u -r1.618.2.40 -r1.618.2.41
--- CHANGES 2001/02/20 08:22:18 1.618.2.40
+++ CHANGES 2001/02/24 01:46:38 1.618.2.41
@@ -4,6 +4,11 @@
Changes between 0.9.6 and 0.9.6a [xx XXX 2001]
+ *) Avoid coredump with unsupported or invalid public keys by checking if
+ X509_get_pubkey() fails in PKCS7_verify(). Fix memory leak when
+ PKCS7_verify() fails with non detached data.
+ [Steve Henson]
+
*) Don't use getenv in library functions when run as setuid/setgid.
New function OPENSSL_issetugid().
[Ulf Moeller]
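Review bot: The new entry places the X509_get_pubkey() check "in PKCS7_verify()", but the only such check in this commit is the one added to pk7_doit.c at line 783; the pk7_smime.c hunks change cleanup and the return value only. Naming the function in pk7_doit.c that now holds the check would let anyone who calls that code directly see that they are covered too. It would also help to state that the new failure is reported as -1 rather than 0, since that is a behaviour change for callers.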
No revision
No revision
1.37.2.1 +5 -0 openssl/crypto/pkcs7/pk7_doit.c
1.14.2.1 +5 -8 openssl/crypto/pkcs7/pk7_smime.c
Index: pk7_doit.c
===================================================================
RCS file: /e/openssl/cvs/openssl/crypto/pkcs7/pk7_doit.c,v
retrieving revision 1.37
retrieving revision 1.37.2.1
diff -u -r1.37 -r1.37.2.1
--- pk7_doit.c 2000/09/17 18:21:02 1.37
+++ pk7_doit.c 2001/02/24 01:46:45 1.37.2.1
@@ -783,6 +783,11 @@
os=si->enc_digest;
pkey = X509_get_pubkey(x509);
+ if (!pkey)
+ {
+ ret = -1;
+ goto err;
+ }
if(pkey->type == EVP_PKEY_DSA) mdc_tmp.digest=EVP_dss1();
i=EVP_VerifyFinal(&mdc_tmp,os->data,os->length, pkey);
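Review bot: The new `if (!pkey)` branch sets `ret = -1` and jumps to err without putting anything on the error queue, so a caller sees a failure with no reason attached; a PKCS7err() call before the goto, with a reason that says the signer's public key could not be decoded, would make unsupported-algorithm failures diagnosable. Because the value is -1 and not 0, every caller has to test the result with `<= 0`; any caller that only tests for zero would treat this path as a successful verify, so those call sites are worth checking as part of this change. The err label is outside the visible context, so please also confirm that nothing there dereferences or frees pkey without a NULL check.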
Index: pk7_smime.c
===================================================================
RCS file: /e/openssl/cvs/openssl/crypto/pkcs7/pk7_smime.c,v
retrieving revision 1.14
retrieving revision 1.14.2.1
diff -u -r1.14 -r1.14.2.1
--- pk7_smime.c 2000/09/18 12:30:57 1.14
+++ pk7_smime.c 2001/02/24 01:46:46 1.14.2.1
@@ -153,7 +153,7 @@
PKCS7_SIGNER_INFO *si;
X509_STORE_CTX cert_ctx;
char buf[4096];
- int i, j=0, k;
+ int i, j=0, k, ret = 0;
BIO *p7bio;
BIO *tmpout;
@@ -258,18 +258,15 @@
}
}
- sk_X509_free(signers);
- if(indata) BIO_pop(p7bio);
- BIO_free_all(p7bio);
+ ret = 1;
- return 1;
-
err:
+ if(indata) BIO_pop(p7bio);
+ BIO_free_all(p7bio);
sk_X509_free(signers);
- BIO_free(p7bio);
- return 0;
+ return ret;
}
STACK_OF(X509) *PKCS7_get0_signers(PKCS7 *p7, STACK_OF(X509) *certs, int flags)
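Review bot: After this change every `goto err` runs `if(indata) BIO_pop(p7bio);` and `BIO_free_all(p7bio);`, yet the declaration in the previous hunk is still `BIO *p7bio;` with no initializer. Any jump to err taken before p7bio is assigned would pass an indeterminate pointer to both calls. Declaring it as `BIO *p7bio = NULL;` and guarding the cleanup with `if (p7bio)` makes the merged exit path safe regardless of where the jump originates. Folding success and failure into one exit via `ret` is the right shape and fixes the old err path, which called BIO_free() on the chain without the BIO_pop(); a one-line comment at err saying it is shared by both outcomes would keep a later edit from reintroducing an early return that skips it.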
______________________________________________________________________
OpenSSL Project http://www.openssl.org
CVS Repository Commit List openssl-cvs@openssl.org
Automated List Manager majordomo@openssl.org