[openssl/openssl] 09df43: Add NULL checks where ContentInfo data can be NULL
Matt Caswell
noreply at github.com
Thu Jan 25 15:37:50 UTC 2024
Branch: refs/heads/openssl-3.0
Home: https://github.com/openssl/openssl
Commit: 09df4395b5071217b76dc7d3d2e630eb8c5a79c2
https://github.com/openssl/openssl/commit/09df4395b5071217b76dc7d3d2e630eb8c5a79c2
Author: Matt Caswell <matt at openssl.org>
Date: 2024-01-25 (Thu, 25 Jan 2024)
Changed paths:
M crypto/pkcs12/p12_add.c
M crypto/pkcs12/p12_mutl.c
M crypto/pkcs12/p12_npas.c
M crypto/pkcs7/pk7_mime.c
Log Message:
-----------
Add NULL checks where ContentInfo data can be NULL

PKCS12 structures contain PKCS7 ContentInfo fields. These fields are
optional and can be NULL even if the "type" is a valid value. OpenSSL
was not properly accounting for this and a NULL dereference can occur
causing a crash.

CVE-2024-0727

Reviewed-by: Tomas Mraz <tomas at openssl.org>
Reviewed-by: Hugo Landau <hlandau at openssl.org>
Reviewed-by: Neil Horman <nhorman at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23362)
(cherry picked from commit d135eeab8a5dbf72b3da5240bab9ddb7678dbd2c)
Commit: 453c44b15c1c3bd8f39bc9b76451edf7ccbb1786
https://github.com/openssl/openssl/commit/453c44b15c1c3bd8f39bc9b76451edf7ccbb1786
Author: Matt Caswell <matt at openssl.org>
Date: 2024-01-25 (Thu, 25 Jan 2024)
Changed paths:
M test/recipes/80-test_pkcs12.t
A test/recipes/80-test_pkcs12_data/bad1.p12
A test/recipes/80-test_pkcs12_data/bad2.p12
A test/recipes/80-test_pkcs12_data/bad3.p12
Log Message:
-----------
Add some tests for various PKCS12 files with NULL ContentInfo

PKCS7 ContentInfo fields held within a PKCS12 file can be NULL, even if the
type has been set to a valid value. CVE-2024-0727 is a result of OpenSSL
attempting to dereference the NULL pointer as a result of this.

We add tests for various instances of this problem.

Reviewed-by: Tomas Mraz <tomas at openssl.org>
Reviewed-by: Hugo Landau <hlandau at openssl.org>
Reviewed-by: Neil Horman <nhorman at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23362)
(cherry picked from commit febb086d0fc1ea12181f4d833aa9b8fdf2133b3b)
Compare: https://github.com/openssl/openssl/compare/6c70934a46ea...453c44b15c1c
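
The condition both log messages describe, as an added example that is not OpenSSL code and not part of the original mail: a minimal decoder for a ContentInfo whose content is OPTIONAL, and a consumer that checks the payload pointer as well as the type. The struct, function names, return codes and sample bytes are constructed for illustration; only short-form DER lengths and OCTET STRING content are handled.

```c
#include <string.h>

/* Hypothetical, simplified stand-in for a decoded ContentInfo (not OpenSSL's struct). */
typedef struct {
    int is_data;               /* contentType is pkcs7-data */
    const unsigned char *data; /* OCTET STRING body; NULL when content is absent */
    size_t len;
} content_info;
/* Constructed samples. OID_DATA encodes pkcs7-data (1.2.840.113549.1.7.1). */
#define OID_DATA 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x07,0x01
static const unsigned char OID[] = {OID_DATA};
static const unsigned char NO_CONTENT[] = {0x30,0x0B,0x06,0x09,OID_DATA};
static const unsigned char WITH_CONTENT[] = {0x30,0x11,0x06,0x09,OID_DATA,
    0xA0,0x04,0x04,0x02,'h','i'};

/* Read one TLV with a short-form length and advance *p. Returns 0 on success. */
static int tlv(const unsigned char **p, size_t *left, unsigned char tag,
               const unsigned char **val, size_t *len)
{
    if (*left < 2 || (*p)[0] != tag || (*p)[1] > 0x7F || (size_t)(*p)[1] > *left - 2)
        return -1;
    *len = (*p)[1];
    *val = *p + 2;
    *p += 2 + *len;
    *left -= 2 + *len;
    return 0;
}

/* Decode SEQUENCE { contentType OID, content [0] EXPLICIT OCTET STRING OPTIONAL }. */
int parse_content_info(const unsigned char *der, size_t n, content_info *ci)
{
    const unsigned char *seq, *oid, *wrap;
    size_t sl, ol, wl;
    memset(ci, 0, sizeof(*ci));
    if (tlv(&der, &n, 0x30, &seq, &sl) || n || tlv(&seq, &sl, 0x06, &oid, &ol))
        return -1;
    ci->is_data = ol == sizeof(OID) && memcmp(oid, OID, ol) == 0;
    if (sl == 0) return 0; /* legal encoding: type set, content absent, data NULL */
    if (tlv(&seq, &sl, 0xA0, &wrap, &wl) || sl) return -1;
    return (tlv(&wrap, &wl, 0x04, &ci->data, &ci->len) || wl) ? -1 : 0;
}

/* Returns payload length, -1 wrong type, -2 content absent, -3 malformed DER. */
long unpack_data(const unsigned char *der, size_t n)
{
    content_info ci;
    if (parse_content_info(der, n, &ci)) return -3;
    if (!ci.is_data) return -1;
    if (ci.data == NULL) return -2; /* valid type does not imply a payload */
    return (long)ci.len;
}
```
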