CVSROOT: /cvs
Module name: src
Changes by: t...@cvs.openbsd.org 2024/01/25 06:44:08
Modified files:
lib/libcrypto/pkcs12: p12_add.c p12_mutl.c pkcs12_local.h
lib/libcrypto/pkcs7: pk7_doit.c pk7_mime.c
Log message:
Fix various NULL dereferences in PKCS #12
The PKCS #7 ContentInfo has a mandatory contentType, but the content itself
is OPTIONAL. Various unpacking API assumed presence of the content type is
enough to access members of the content, resulting in crashes.
Reported by Bahaa Naamneh on libressl-security, many thanks
ok jsing
