openssl

History

Emilia Kasper 544e3e3b69 PKCS#7: avoid NULL pointer dereferences with missing content In PKCS#7, the ASN.1 content component is optional. This typically applies to inner content (detached signatures), however we must also handle unexpected missing outer content correctly. This patch only addresses functions reachable from parsing, decryption and verification, and functions otherwise associated with reading potentially untrusted data. Correcting all low-level API calls requires further work. CVE-2015-0289 Thanks to Michal Zalewski (Google) for reporting this issue. Reviewed-by: Steve Henson <steve@openssl.org> Conflicts: crypto/pkcs7/pk7_doit.c		2015-03-19 13:00:45 +00:00
..
.cvsignore	Add emacs cache files to .cvsignore.	2005-04-11 14:17:07 +00:00
Makefile	Remove ancient obsolete files under pkcs7.	2014-06-27 14:04:35 +01:00
pk7_asn1.c	Run util/openssl-format-source -v -c .	2015-01-22 09:52:55 +00:00
pk7_attr.c	Run util/openssl-format-source -v -c .	2015-01-22 09:52:55 +00:00
pk7_dgst.c	Run util/openssl-format-source -v -c .	2015-01-22 09:52:55 +00:00
pk7_doit.c	PKCS#7: avoid NULL pointer dereferences with missing content	2015-03-19 13:00:45 +00:00
pk7_enc.c	Run util/openssl-format-source -v -c .	2015-01-22 09:52:55 +00:00
pk7_lib.c	PKCS#7: avoid NULL pointer dereferences with missing content	2015-03-19 13:00:45 +00:00
pk7_mime.c	Run util/openssl-format-source -v -c .	2015-01-22 09:52:55 +00:00
pk7_smime.c	Run util/openssl-format-source -v -c .	2015-01-22 09:52:55 +00:00
pkcs7.h	Run util/openssl-format-source -v -c .	2015-01-22 09:52:55 +00:00
pkcs7err.c	Run util/openssl-format-source -v -c .	2015-01-22 09:52:55 +00:00