In PKINIT, check for null PKCS7 enveloped fields

The PKCS7 ContentInfo content field and EncryptedContentInfo
encryptedContent field are optional.  Check for null values in
cms_envelopeddata_verify() before calling pkcs7_decrypt().  Reported
by Bahaa Naamneh.

ticket: 9107 (new)
tags: pullup
target_version: 1.21-next
target_version: 1.20-next

diff --git a/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c b/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c
index 453b1119a430a6b47757712e3e81411a3ee6be1c..15c6cd8c4ba3bf98f29fc8125dd4bab7f4201335 100644 (file)
--- a/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c
+++ b/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c
@@ -2464,7 +2464,9 @@ cms_envelopeddata_verify(krb5_context context,
     }
 
     /* verify that the received message is PKCS7 EnvelopedData message */
-    if (OBJ_obj2nid(p7->type) != NID_pkcs7_enveloped) {
+    if (OBJ_obj2nid(p7->type) != NID_pkcs7_enveloped ||
+        p7->d.enveloped == NULL ||
+        p7->d.enveloped->enc_data->enc_data == NULL) {
         pkiDebug("Expected id-enveloped PKCS7 msg (received type = %d)\n",
                  OBJ_obj2nid(p7->type));
         krb5_set_error_message(context, retval, "wrong oid\n");