Check PKCS#8 pkey field is valid before cleansing.
authorDr. Stephen Henson <steve@openssl.org>
Sun, 1 Feb 2015 13:06:32 +0000 (13:06 +0000)
committerDr. Stephen Henson <steve@openssl.org>
Tue, 3 Feb 2015 14:02:51 +0000 (14:02 +0000)
PR:3683
Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit 52e028b9de371da62c1e51b46592517b1068d770)

crypto/asn1/p8_pkey.c

index d8fc07bc0b52902b7dd5874e9e0c8b2aae09a987..6cd36ce8604e1eabd84c57b394222c18a57b189b 100644 (file)
@@ -68,7 +68,8 @@ static int pkey_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it)
     /* Since the structure must still be valid use ASN1_OP_FREE_PRE */
     if (operation == ASN1_OP_FREE_PRE) {
         PKCS8_PRIV_KEY_INFO *key = (PKCS8_PRIV_KEY_INFO *)*pval;
-        if (key->pkey->value.octet_string)
+        if (key->pkey && key->pkey->type == V_ASN1_OCTET_STRING
+            && key->pkey->value.octet_string != NULL)
             OPENSSL_cleanse(key->pkey->value.octet_string->data,
                             key->pkey->value.octet_string->length);
     }