Patrick Williams | f1e5d69 | 2016-03-30 15:21:19 -0500 | [diff] [blame] | 1 | From c394a488942387246653833359a5c94b5832674e Mon Sep 17 00:00:00 2001 |
| 2 | From: "Dr. Stephen Henson" <steve@openssl.org> |
| 3 | Date: Fri, 2 Oct 2015 12:35:19 +0100 |
| 4 | Subject: [PATCH] Add PSS parameter check. |
| 5 | MIME-Version: 1.0 |
| 6 | Content-Type: text/plain; charset=UTF-8 |
| 7 | Content-Transfer-Encoding: 8bit |
| 8 | |
| 9 | Avoid seg fault by checking mgf1 parameter is not NULL. This can be |
| 10 | triggered during certificate verification so could be a DoS attack |
| 11 | against a client or a server enabling client authentication. |
| 12 | |
| 13 | Thanks to Loïc Jonas Etienne (Qnective AG) for discovering this bug. |
| 14 | |
| 15 | CVE-2015-3194 |
| 16 | |
| 17 | Reviewed-by: Richard Levitte <levitte@openssl.org> |
| 18 | |
| 19 | Upstream-Status: Backport |
| 20 | |
| 21 | This patch was imported from |
| 22 | https://git.openssl.org/?p=openssl.git;a=commit;h=c394a488942387246653833359a5c94b5832674e |
| 23 | |
| 24 | Signed-off-by: Armin Kuster <akuster@mvista.com> |
| 25 | |
| 26 | --- |
| 27 | crypto/rsa/rsa_ameth.c | 2 +- |
| 28 | 1 file changed, 1 insertion(+), 1 deletion(-) |
| 29 | |
| 30 | diff --git a/crypto/rsa/rsa_ameth.c b/crypto/rsa/rsa_ameth.c |
| 31 | index ca3922e..4e06218 100644 |
| 32 | --- a/crypto/rsa/rsa_ameth.c |
| 33 | +++ b/crypto/rsa/rsa_ameth.c |
| 34 | @@ -268,7 +268,7 @@ static X509_ALGOR *rsa_mgf1_decode(X509_ALGOR *alg) |
| 35 | { |
| 36 | const unsigned char *p; |
| 37 | int plen; |
| 38 | - if (alg == NULL) |
| 39 | + if (alg == NULL || alg->parameter == NULL) |
| 40 | return NULL; |
| 41 | if (OBJ_obj2nid(alg->algorithm) != NID_mgf1) |
| 42 | return NULL; |
| 43 | -- |
| 44 | 2.3.5 |
| 45 | |