diff options
author | Adam Langley <agl@chromium.org> | 2014-06-20 23:00:00 +0400 |
---|---|---|
committer | Adam Langley <agl@chromium.org> | 2014-06-21 00:17:39 +0400 |
commit | e2c2f60c447eeb069a6d12e349347956ec8e42c9 (patch) | |
tree | 2cbe5926e21e11f4b7e93489b225be9211c11779 /crypto/x509 | |
parent | db4f9521b536d0f8d208610465fe9e1388e01beb (diff) |
Don't try and verify signatures if key is NULL (CVE-2013-0166)
Add additional check to catch this in ASN1_item_verify too.
(Imported from upstream's e9b4b8afbd129adc18d3fe71ca2ab34fe61d8640)
Diffstat (limited to 'crypto/x509')
-rw-r--r-- | crypto/x509/a_verify.c | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/crypto/x509/a_verify.c b/crypto/x509/a_verify.c index 2bece385..51f0b352 100644 --- a/crypto/x509/a_verify.c +++ b/crypto/x509/a_verify.c @@ -81,6 +81,12 @@ int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a, int mdnid, pknid; + if (!pkey) + { + OPENSSL_PUT_ERROR(X509, ASN1_item_verify, ERR_R_PASSED_NULL_PARAMETER); + return 1; + } + EVP_MD_CTX_init(&ctx); /* Convert signature OID into digest and public key OIDs */ |