e2acb69c76
In PKCS#7, the ASN.1 content component is optional. This typically applies to inner content (detached signatures), however we must also handle unexpected missing outer content correctly. This patch only addresses functions reachable from parsing, decryption and verification, and functions otherwise associated with reading potentially untrusted data. Correcting all low-level API calls requires further work. CVE-2015-0289 Thanks to Michal Zalewski (Google) for reporting this issue. Reviewed-by: Steve Henson <steve@openssl.org> |
||
---|---|---|
.. | ||
.cvsignore | ||
bio_pk7.c | ||
Makefile | ||
pk7_asn1.c | ||
pk7_attr.c | ||
pk7_dgst.c | ||
pk7_doit.c | ||
pk7_enc.c | ||
pk7_lib.c | ||
pk7_mime.c | ||
pk7_smime.c | ||
pkcs7.h | ||
pkcs7err.c |