From 188abf7e2a0bb2fb803aefc186cc3ac538cbf72a Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Wed, 25 Mar 2009 10:40:32 +0000 Subject: [PATCH] Submitted by: Ivan Nestlerode Approved by: steve@openssl.org Check return code properly in CMS_SignerInfo_verify_content(). --- CHANGES | 5 +++++ crypto/cms/cms_smime.c | 2 +- 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/CHANGES b/CHANGES index 37f8ee5209..4d5295c16b 100644 --- a/CHANGES +++ b/CHANGES @@ -4,6 +4,11 @@ Changes between 0.9.8j and 0.9.8k [xx XXX xxxx] + *) Fix bug where return value of CMS_SignerInfo_verify_content() was not + checked correctly. This would allow some invalid signed attributes to + appear to verify correctly. (CVE-2009-0591) + [Ivan Nestlerode ] + *) Reject UniversalString and BMPString types with invalid lengths. This prevents a crash in ASN1_STRING_print_ex() which assumes the strings have a legal length. (CVE-2009-0590) diff --git a/crypto/cms/cms_smime.c b/crypto/cms/cms_smime.c index cf62c68112..f35883aa22 100644 --- a/crypto/cms/cms_smime.c +++ b/crypto/cms/cms_smime.c @@ -425,7 +425,7 @@ int CMS_verify(CMS_ContentInfo *cms, STACK_OF(X509) *certs, for (i = 0; i < sk_CMS_SignerInfo_num(sinfos); i++) { si = sk_CMS_SignerInfo_value(sinfos, i); - if (!CMS_SignerInfo_verify_content(si, cmsbio)) + if (CMS_SignerInfo_verify_content(si, cmsbio) <= 0) { CMSerr(CMS_F_CMS_VERIFY, CMS_R_CONTENT_VERIFY_ERROR); -- 2.25.1
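Review bot: The `<= 0` test in the CMS_verify signer loop is only correct if CMS_SignerInfo_verify_content() returns a negative value on internal error as well as 0 on a failed comparison, and nothing at the call site records that convention. I would add a comment directly above the check, such as `/* verify_content: 1 = verified, 0 = mismatch, <0 = error; only > 0 may pass */`, so a later cleanup does not turn it back into a boolean `!` test. The CHANGES entry says invalid signed attributes could appear to verify, so a regression test that feeds CMS_verify such a message and expects failure would pin the fix. The rest of CMS_verify lies outside this hunk; any other verification calls there, and other callers of this function, are worth checking for the same `!` pattern.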