Fix infinite loop in CMS

Fix loop in do_free_upto if cmsbio is NULL: this will happen when attempting to verify and a digest is not recognised. Reported by Johannes Bauer. CVE-2015-1792 Reviewed-by: Matt Caswell <matt@openssl.org>
2015-06-05 12:11:25 +01:00 · 2015-06-05 12:11:25 +01:00 · 92f9a8bf38
commit 92f9a8bf38
parent 39bcfb129e
1 changed files with 1 additions and 1 deletions
--- a/crypto/cms/cms_smime.c
+++ b/crypto/cms/cms_smime.c
@ -131,7 +131,7 @@ static void do_free_upto(BIO *f, BIO *upto)
            BIO_free(f);
            f = tbio;
        }
-        while (f != upto);
+        while (f && f != upto);
    } else
        BIO_free_all(f);
 }