diff options
author | Greg Hudson <ghudson@mit.edu> | 2023-11-25 11:04:56 -0500 |
---|---|---|
committer | Greg Hudson <ghudson@mit.edu> | 2023-11-30 16:44:01 -0500 |
commit | 48ccd81656381522d1f9ccb8705c13f0266a46ab (patch) | |
tree | 31a725445067b8e3c598b2edce2abb986bb8a0f3 | |
parent | c20251dafd6120fa08c76b19315cb9deb1a1b24e (diff) | |
download | krb5-48ccd81656381522d1f9ccb8705c13f0266a46ab.zip krb5-48ccd81656381522d1f9ccb8705c13f0266a46ab.tar.gz krb5-48ccd81656381522d1f9ccb8705c13f0266a46ab.tar.bz2 |
In PKINIT, check for null PKCS7 enveloped fields
The PKCS7 ContentInfo content field and EncryptedContentInfo
encryptedContent field are optional. Check for null values in
cms_envelopeddata_verify() before calling pkcs7_decrypt(). Reported
by Bahaa Naamneh.
ticket: 9107 (new)
tags: pullup
target_version: 1.21-next
target_version: 1.20-next
-rw-r--r-- | src/plugins/preauth/pkinit/pkinit_crypto_openssl.c | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c b/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c index 453b111..15c6cd8 100644 --- a/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c +++ b/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c @@ -2464,7 +2464,9 @@ cms_envelopeddata_verify(krb5_context context, } /* verify that the received message is PKCS7 EnvelopedData message */ - if (OBJ_obj2nid(p7->type) != NID_pkcs7_enveloped) { + if (OBJ_obj2nid(p7->type) != NID_pkcs7_enveloped || + p7->d.enveloped == NULL || + p7->d.enveloped->enc_data->enc_data == NULL) { pkiDebug("Expected id-enveloped PKCS7 msg (received type = %d)\n", OBJ_obj2nid(p7->type)); krb5_set_error_message(context, retval, "wrong oid\n"); |