Update from stable branch.
authorDr. Stephen Henson <steve@openssl.org>
Wed, 25 Mar 2009 12:54:14 +0000 (12:54 +0000)
committerDr. Stephen Henson <steve@openssl.org>
Wed, 25 Mar 2009 12:54:14 +0000 (12:54 +0000)
CHANGES
crypto/asn1/tasn_dec.c
crypto/cms/cms_smime.c

diff --git a/CHANGES b/CHANGES
index 1b034ceb31fef6f4029d7b2d27d15b8e75f3d7ee..6d2006e723441bd6a2ef49ba7ee41597ece1b5e7 100644 (file)
--- a/CHANGES
+++ b/CHANGES
 
  Changes between 0.9.8j and 0.9.8k  [xx XXX xxxx]
 
+  *) Don't set val to NULL when freeing up structures, it is freed up by
+     underlying code. If sizeof(void *) > sizeof(long) this can result in
+     zeroing past the valid field. (CVE-2009-0789)
+     [Paolo Ganci <Paolo.Ganci@AdNovum.CH>]
+
   *) Fix bug where return value of CMS_SignerInfo_verify_content() was not
      checked correctly. This would allow some invalid signed attributes to
      appear to verify correctly. (CVE-2009-0591)
index 359e9c304bfd311166104c49942466212ac612f0..3bee439968e47c3bf86023e4213789e3c7abaf52 100644 (file)
@@ -613,7 +613,6 @@ static int asn1_template_ex_d2i(ASN1_VALUE **val,
 
        err:
        ASN1_template_free(val, tt);
-       *val = NULL;
        return 0;
        }
 
@@ -762,7 +761,6 @@ static int asn1_template_noexp_d2i(ASN1_VALUE **val,
 
        err:
        ASN1_template_free(val, tt);
-       *val = NULL;
        return 0;
        }
 
index 12fc844d934e7657a29c9c2ef5f884917a05098d..4a799eb89765c6c5cba7f48a347a86a720104d1f 100644 (file)
@@ -419,7 +419,7 @@ int CMS_verify(CMS_ContentInfo *cms, STACK_OF(X509) *certs,
                for (i = 0; i < sk_CMS_SignerInfo_num(sinfos); i++)
                        {
                        si = sk_CMS_SignerInfo_value(sinfos, i);
-                       if (!CMS_SignerInfo_verify_content(si, cmsbio))
+                       if (CMS_SignerInfo_verify_content(si, cmsbio) <= 0)
                                {
                                CMSerr(CMS_F_CMS_VERIFY,
                                        CMS_R_CONTENT_VERIFY_ERROR);
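Review bot: The `<= 0` test on `CMS_SignerInfo_verify_content()` carries no comment, so nothing at the call site tells a later maintainer why the shorter `!` form must not come back. A negative return is non-zero, so `!` would treat it as success, which matches the mis-check the CHANGES entry for CVE-2009-0591 describes. I would add a comment above the `if`, for example `/* <= 0 means failure: a plain ! test would accept negative error returns as success */`. Zero and negative results both raise `CMS_R_CONTENT_VERIFY_ERROR`, so a caller cannot tell a failed content check from what is presumably an internal error; if that is intended, the comment should say so. The rest of `CMS_verify` lies outside this hunk, so any other verification call there whose result is tested with `!` should be checked for the same pattern.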