openssl/crypto/pkcs7
Emilia Kasper c0334c2c92 PKCS#7: avoid NULL pointer dereferences with missing content
In PKCS#7, the ASN.1 content component is optional.
This typically applies to inner content (detached signatures),
however we must also handle unexpected missing outer content
correctly.

This patch only addresses functions reachable from parsing,
decryption and verification, and functions otherwise associated
with reading potentially untrusted data.

Correcting all low-level API calls requires further work.

CVE-2015-0289

Thanks to Michal Zalewski (Google) for reporting this issue.

Reviewed-by: Steve Henson <steve@openssl.org>
2015-03-19 12:58:35 +00:00
..
.cvsignore
bio_pk7.c Run util/openssl-format-source -v -c . 2015-01-22 09:31:38 +00:00
Makefile Remove ancient obsolete files under pkcs7. 2014-06-27 13:53:23 +01:00
pk7_asn1.c Run util/openssl-format-source -v -c . 2015-01-22 09:31:38 +00:00
pk7_attr.c Run util/openssl-format-source -v -c . 2015-01-22 09:31:38 +00:00
pk7_dgst.c Run util/openssl-format-source -v -c . 2015-01-22 09:31:38 +00:00
pk7_doit.c PKCS#7: avoid NULL pointer dereferences with missing content 2015-03-19 12:58:35 +00:00
pk7_enc.c Run util/openssl-format-source -v -c . 2015-01-22 09:31:38 +00:00
pk7_lib.c PKCS#7: avoid NULL pointer dereferences with missing content 2015-03-19 12:58:35 +00:00
pk7_mime.c Run util/openssl-format-source -v -c . 2015-01-22 09:31:38 +00:00
pk7_smime.c Run util/openssl-format-source -v -c . 2015-01-22 09:31:38 +00:00
pkcs7.h Run util/openssl-format-source -v -c . 2015-01-22 09:31:38 +00:00
pkcs7err.c Run util/openssl-format-source -v -c . 2015-01-22 09:31:38 +00:00