In PKINIT, check for null PKCS7 enveloped fields

The PKCS7 ContentInfo content field and EncryptedContentInfo
encryptedContent field are optional.  Check for null values in
cms_envelopeddata_verify() before calling pkcs7_decrypt().  Reported
by Bahaa Naamneh.

ticket: 9107 (new)
tags: pullup
target_version: 1.21-next
target_version: 1.20-next

1 files changed, 3 insertions, 1 deletions

diff --git a/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c b/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c
index 453b111..15c6cd8 100644
--- a/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c
+++ b/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c
@@ -2464,7 +2464,9 @@ cms_envelopeddata_verify(krb5_context context,
     }
 
     /* verify that the received message is PKCS7 EnvelopedData message */
-    if (OBJ_obj2nid(p7->type) != NID_pkcs7_enveloped) {
+    if (OBJ_obj2nid(p7->type) != NID_pkcs7_enveloped ||
+        p7->d.enveloped == NULL ||
+        p7->d.enveloped->enc_data->enc_data == NULL) {
         pkiDebug("Expected id-enveloped PKCS7 msg (received type = %d)\n",
                  OBJ_obj2nid(p7->type));
         krb5_set_error_message(context, retval, "wrong oid\n");