replicant_openssl.git - Security patches for Openssl in Replicant

diff options

author	Emilia Kasper <emilia@openssl.org>	2015-02-27 16:52:23 +0100
committer	Wolfgang Wiedmeyer <wolfgit@wiedmeyer.de>	2015-10-22 01:04:39 +0200
commit	f9e59981ba64f0264ae52379e35164d48133ddaf (patch)
tree	da02dda18fca8f0cae17dcecfe7fd6ca5bfae5de /crypto/aes
parent	429425f624e9dc239ef60846d842ee25233e223a (diff)
download	replicant_openssl-f9e59981ba64f0264ae52379e35164d48133ddaf.zip replicant_openssl-f9e59981ba64f0264ae52379e35164d48133ddaf.tar.gz replicant_openssl-f9e59981ba64f0264ae52379e35164d48133ddaf.tar.bz2

PKCS#7: avoid NULL pointer dereferences with missing content

In PKCS#7, the ASN.1 content component is optional. This typically applies to inner content (detached signatures), however we must also handle unexpected missing outer content correctly. This patch only addresses functions reachable from parsing, decryption and verification, and functions otherwise associated with reading potentially untrusted data. Correcting all low-level API calls requires further work. CVE-2015-0289 Thanks to Michal Zalewski (Google) for reporting this issue. Reviewed-by: Steve Henson <steve@openssl.org>

Diffstat (limited to 'crypto/aes')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: