From: Dr. Stephen Henson <steve@openssl.org>
Date: Fri, 5 Jun 2015 11:11:25 +0000 (+0100)
Subject: Fix infinite loop in CMS
X-Git-Tag: OpenSSL_1_0_0s~4
X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=857b2ced04be897488df311a257f254ad8516429;p=oweals%2Fopenssl.git

Fix infinite loop in CMS

Fix loop in do_free_upto if cmsbio is NULL: this will happen when attempting
to verify and a digest is not recognised. Reported by Johannes Bauer.

CVE-2015-1792

Reviewed-by: Matt Caswell <matt@openssl.org>
---

diff --git a/crypto/cms/cms_smime.c b/crypto/cms/cms_smime.c
index d6f5c1a344..e9e6a98513 100644
--- a/crypto/cms/cms_smime.c
+++ b/crypto/cms/cms_smime.c
@@ -131,7 +131,7 @@ static void do_free_upto(BIO *f, BIO *upto)
             BIO_free(f);
             f = tbio;
         }
-        while (f != upto);
+        while (f && f != upto);
     } else
         BIO_free_all(f);
 }