[openssl/openssl] 775acf: Add NULL checks where ContentInfo data can be NULL

Matt Caswell noreply at github.com
Thu Jan 25 15:32:08 UTC 2024 

  Branch: refs/heads/openssl-3.2
  Home:   https://github.com/openssl/openssl
  Commit: 775acfdbd0c6af9ac855f34969cdab0c0c90844a
      https://github.com/openssl/openssl/commit/775acfdbd0c6af9ac855f34969cdab0c0c90844a
  Author: Matt Caswell <matt at openssl.org>
  Date:   2024-01-25 (Thu, 25 Jan 2024)

  Changed paths:
    M crypto/pkcs12/p12_add.c
    M crypto/pkcs12/p12_mutl.c
    M crypto/pkcs12/p12_npas.c
    M crypto/pkcs7/pk7_mime.c

  Log Message:
  -----------
  Add NULL checks where ContentInfo data can be NULL

PKCS12 structures contain PKCS7 ContentInfo fields. These fields are
optional and can be NULL even if the "type" is a valid value. OpenSSL
was not properly accounting for this and a NULL dereference can occur
causing a crash.

CVE-2024-0727

Reviewed-by: Tomas Mraz <tomas at openssl.org>
Reviewed-by: Hugo Landau <hlandau at openssl.org>
Reviewed-by: Neil Horman <nhorman at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23361)

(cherry picked from commit 041962b429ebe748c8b6b7922980dfb6decfef26)


  Commit: 3daedcfefdabe0fb9de3aee850ac2cca2d5fa945
      https://github.com/openssl/openssl/commit/3daedcfefdabe0fb9de3aee850ac2cca2d5fa945
  Author: Matt Caswell <matt at openssl.org>
  Date:   2024-01-25 (Thu, 25 Jan 2024)

  Changed paths:
    M test/recipes/80-test_pkcs12.t
    A test/recipes/80-test_pkcs12_data/bad1.p12
    A test/recipes/80-test_pkcs12_data/bad2.p12
    A test/recipes/80-test_pkcs12_data/bad3.p12

  Log Message:
  -----------
  Add some tests for various PKCS12 files with NULL ContentInfo

PKCS7 ContentInfo fields held within a PKCS12 file can be NULL, even if the
type has been set to a valid value. CVE-2024-0727 is a result of OpenSSL
attempting to dereference the NULL pointer as a result of this.

We add test for various instances of this problem.

Reviewed-by: Tomas Mraz <tomas at openssl.org>
Reviewed-by: Hugo Landau <hlandau at openssl.org>
Reviewed-by: Neil Horman <nhorman at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23361)

(cherry picked from commit 8a85df7c60ba1372ee98acc5982e902d75f52130)


Compare: https://github.com/openssl/openssl/compare/8c30857e8fe9...3daedcfefdab

More information about the openssl-commits mailing list