CVSROOT: /cvs Module name: src Changes by: t...@cvs.openbsd.org 2024/01/25 06:44:08
Modified files: lib/libcrypto/pkcs12: p12_add.c p12_mutl.c pkcs12_local.h lib/libcrypto/pkcs7: pk7_doit.c pk7_mime.c Log message: Fix various NULL dereferences in PKCS #12 The PKCS #7 ContentInfo has a mandatory contentType, but the content itself is OPTIONAL. Various unpacking API assumed presence of the content type is enough to access members of the content, resulting in crashes. Reported by Bahaa Naamneh on libressl-security, many thanks ok jsing