From: Dr. Stephen Henson
Date: Tue, 1 Jun 2010 14:39:57 +0000 (+0000)
Subject: Fix CVE-2010-0742
X-Git-Tag: OpenSSL_0_9_8o~1
X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=82b6b541b1d9a3d644c96afa9ae44cc1f4c6040d;p=oweals%2Fopenssl.git

Fix CVE-2010-0742
---
diff --git a/CHANGES b/CHANGES
index a20fe1759c..2a1bc37a97 100644
--- a/CHANGES
+++ b/CHANGES
@@ -4,6 +4,10 @@
 Changes between 0.9.8n and 0.9.8o [xx XXX xxxx]
+ *) Correct a typo in the CMS ASN1 module which can result in invalid memory
+ access or freeing data twice (CVE-2010-0742)
+ [Steve Henson, Ronald Moesbergen ]
+
 *) Add SHA2 algorithms to SSL_library_init(). SHA2 is becoming far more common in certificates and some applications which only call SSL_library_init and not OpenSSL_add_all_algorithms() will fail.
diff --git a/crypto/cms/cms_asn1.c b/crypto/cms/cms_asn1.c
index 7664921861..b253d54b57 100644
--- a/crypto/cms/cms_asn1.c
+++ b/crypto/cms/cms_asn1.c
@@ -130,8 +130,8 @@ ASN1_NDEF_SEQUENCE(CMS_SignedData) = {
 } ASN1_NDEF_SEQUENCE_END(CMS_SignedData)
 ASN1_SEQUENCE(CMS_OriginatorInfo) = {
- ASN1_IMP_SET_OF_OPT(CMS_SignedData, certificates, CMS_CertificateChoices, 0),
- ASN1_IMP_SET_OF_OPT(CMS_SignedData, crls, CMS_RevocationInfoChoice, 1)
+ ASN1_IMP_SET_OF_OPT(CMS_OriginatorInfo, certificates, CMS_CertificateChoices, 0),
+ ASN1_IMP_SET_OF_OPT(CMS_OriginatorInfo, crls, CMS_RevocationInfoChoice, 1)
 } ASN1_SEQUENCE_END(CMS_OriginatorInfo)
 ASN1_NDEF_SEQUENCE(CMS_EncryptedContentInfo) = {
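Review bot: Nothing in the cms_asn1.c hunk keeps the first argument of `ASN1_IMP_SET_OF_OPT` tied to the name in the enclosing `ASN1_SEQUENCE(CMS_OriginatorInfo)`, so the same copy-paste mismatch can recur here or may already sit in a sibling template. The old lines compiled, presumably because CMS_SignedData also has `certificates` and `crls` members, and the template macros take field offsets from the named struct; that is how a wrong name becomes the invalid memory access or double free described in CHANGES. I would add a comment above the template, `/* stname must be CMS_OriginatorInfo: field offsets are taken from it */`, and audit the other templates in cms_asn1.c for a struct name that differs from their ASN1_SEQUENCE name. The commit as shown carries no regression test; decoding a CMS message that includes an originatorInfo field, run under a memory checker, would cover this path.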