| From c394a488942387246653833359a5c94b5832674e Mon Sep 17 00:00:00 2001 |
| From: "Dr. Stephen Henson" <steve@openssl.org> |
| Date: Fri, 2 Oct 2015 12:35:19 +0100 |
| Subject: [PATCH] Add PSS parameter check. |
| MIME-Version: 1.0 |
| Content-Type: text/plain; charset=UTF-8 |
| Content-Transfer-Encoding: 8bit |
| |
| Avoid seg fault by checking mgf1 parameter is not NULL. This can be |
| triggered during certificate verification so could be a DoS attack |
| against a client or a server enabling client authentication. |
| |
| Thanks to Loïc Jonas Etienne (Qnective AG) for discovering this bug. |
| |
| CVE-2015-3194 |
| |
| Reviewed-by: Richard Levitte <levitte@openssl.org> |
| |
| Upstream-Status: Backport |
| |
| This patch was imported from |
| https://git.openssl.org/?p=openssl.git;a=commit;h=c394a488942387246653833359a5c94b5832674e |
| |
| Signed-off-by: Armin Kuster <akuster@mvista.com> |
| |
| --- |
| crypto/rsa/rsa_ameth.c | 2 +- |
| 1 file changed, 1 insertion(+), 1 deletion(-) |
| |
| diff --git a/crypto/rsa/rsa_ameth.c b/crypto/rsa/rsa_ameth.c |
| index ca3922e..4e06218 100644 |
| --- a/crypto/rsa/rsa_ameth.c |
| +++ b/crypto/rsa/rsa_ameth.c |
| @@ -268,7 +268,7 @@ static X509_ALGOR *rsa_mgf1_decode(X509_ALGOR *alg) |
| { |
| const unsigned char *p; |
| int plen; |
| - if (alg == NULL) |
| + if (alg == NULL || alg->parameter == NULL) |
| return NULL; |
| if (OBJ_obj2nid(alg->algorithm) != NID_mgf1) |
| return NULL; |
| -- |
| 2.3.5 |
| |