[31329] in CVS-changelog-for-Kerberos-V5
krb5 commit [krb5-1.21]: In PKINIT,
daemon@ATHENA.MIT.EDU (ghudson@mit.edu)
Mon Jun 24 19:51:07 2024
From: ghudson@mit.edu
To: cvs-krb5@mit.edu
Message-Id: <20240624235102.151DB101A5F@krbdev.mit.edu>
Date: Mon, 24 Jun 2024 19:51:02 -0400 (EDT)
MIME-Version: 1.0
Reply-To: krbdev@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: cvs-krb5-bounces@mit.edu
https://github.com/krb5/krb5/commit/5cbfb6366f6c07903e67c87db0144d280717cf0c
commit 5cbfb6366f6c07903e67c87db0144d280717cf0c
Author: Greg Hudson <ghudson@mit.edu>
Date: Sat Nov 25 11:04:56 2023 -0500
In PKINIT, check for null PKCS7 enveloped fields
The PKCS7 ContentInfo content field and EncryptedContentInfo
encryptedContent field are optional. Check for null values in
cms_envelopeddata_verify() before calling pkcs7_decrypt(). Reported
by Bahaa Naamneh.
(cherry picked from commit 48ccd81656381522d1f9ccb8705c13f0266a46ab)
ticket: 9107
version_fixed: 1.21.3
src/plugins/preauth/pkinit/pkinit_crypto_openssl.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c b/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c
index f41328763..cb9c79626 100644
--- a/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c
+++ b/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c
@@ -2272,7 +2272,9 @@ cms_envelopeddata_verify(krb5_context context,
}
/* verify that the received message is PKCS7 EnvelopedData message */
- if (OBJ_obj2nid(p7->type) != NID_pkcs7_enveloped) {
+ if (OBJ_obj2nid(p7->type) != NID_pkcs7_enveloped ||
+ p7->d.enveloped == NULL ||
+ p7->d.enveloped->enc_data->enc_data == NULL) {
pkiDebug("Expected id-enveloped PKCS7 msg (received type = %d)\n",
OBJ_obj2nid(p7->type));
krb5_set_error_message(context, retval, "wrong oid\n");
_______________________________________________
cvs-krb5 mailing list
cvs-krb5@mit.edu
https://mailman.mit.edu/mailman/listinfo/cvs-krb5
