[openssl-commits] [openssl] OpenSSL_0_9_8-stable update

[Dr. Stephen Henson]

The branch OpenSSL_0_9_8-stable has been updated
       via  d64a227f1f433cd754baee4065127d28723237ff (commit)
      from  6844c129682c525af278bac75cb5d0696b85fa10 (commit)


- Log -----------------------------------------------------------------
commit d64a227f1f433cd754baee4065127d28723237ff
Author: Dr. Stephen Henson <steve at openssl.org>
Date:   Sun Feb 1 13:06:32 2015 +0000

    Check PKCS#8 pkey field is valid before cleansing.
    
    PR:3683
    Reviewed-by: Tim Hudson <tjh at openssl.org>
    (cherry picked from commit 52e028b9de371da62c1e51b46592517b1068d770)

-----------------------------------------------------------------------

Summary of changes:
 crypto/asn1/p8_pkey.c |    3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/crypto/asn1/p8_pkey.c b/crypto/asn1/p8_pkey.c
index d8fc07b..6cd36ce 100644
--- a/crypto/asn1/p8_pkey.c
+++ b/crypto/asn1/p8_pkey.c
@@ -68,7 +68,8 @@ static int pkey_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it)
     /* Since the structure must still be valid use ASN1_OP_FREE_PRE */
     if (operation == ASN1_OP_FREE_PRE) {
         PKCS8_PRIV_KEY_INFO *key = (PKCS8_PRIV_KEY_INFO *)*pval;
-        if (key->pkey->value.octet_string)
+        if (key->pkey && key->pkey->type == V_ASN1_OCTET_STRING
+            && key->pkey->value.octet_string != NULL)
             OPENSSL_cleanse(key->pkey->value.octet_string->data,
                             key->pkey->value.octet_string->length);
     }