In PKINIT, check for null PKCS7 enveloped fields

The PKCS7 ContentInfo content field and EncryptedContentInfo
encryptedContent field are optional.  Check for null values in
cms_envelopeddata_verify() before calling pkcs7_decrypt().  Reported
by Bahaa Naamneh.

(cherry picked from commit 48ccd81656381522d1f9ccb8705c13f0266a46ab)

ticket: 9107
version_fixed: 1.21.3

diff --git a/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c b/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c
index f41328763ec6d39a0c2ffe3fbf407efc7eb260a3..cb9c79626c3a2606bcff4656f2a89f35f84af9e7 100644 (file)
--- a/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c
+++ b/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c
@@ -2272,7 +2272,9 @@ cms_envelopeddata_verify(krb5_context context,
     }
 
     /* verify that the received message is PKCS7 EnvelopedData message */
-    if (OBJ_obj2nid(p7->type) != NID_pkcs7_enveloped) {
+    if (OBJ_obj2nid(p7->type) != NID_pkcs7_enveloped ||
+        p7->d.enveloped == NULL ||
+        p7->d.enveloped->enc_data->enc_data == NULL) {
         pkiDebug("Expected id-enveloped PKCS7 msg (received type = %d)\n",
                  OBJ_obj2nid(p7->type));
         krb5_set_error_message(context, retval, "wrong oid\n");