From: Joshua Rogers <MegaManSec@users.noreply.github.com>
Date: Sat, 11 Oct 2025 12:27:52 +0000 (+0800)
Subject: asn_mime: Harden SMIME_write_ASN1_ex() against an empty stack
X-Git-Tag: 4.0-PRE-CLANG-FORMAT-WEBKIT~186
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=1cd8e477c2f4b988cce00f305977fa1af9b2f4e5;p=thirdparty%2Fopenssl.git

asn_mime: Harden SMIME_write_ASN1_ex() against an empty stack

Label an empty digest list as `signed-data` instead of `certs-only`.

Signed-off-by: Joshua Rogers <MegaManSec@users.noreply.github.com>

Reviewed-by: Saša Nedvědický <sashan@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28881)
---

diff --git a/crypto/asn1/asn_mime.c b/crypto/asn1/asn_mime.c
index f3511fedd7d..c72aca06a6f 100644
--- a/crypto/asn1/asn_mime.c
+++ b/crypto/asn1/asn_mime.c
@@ -333,7 +333,7 @@ int SMIME_write_ASN1_ex(BIO *bio, ASN1_VALUE *val, BIO *data, int flags,
     } else if (ctype_nid == NID_pkcs7_signed) {
         if (econt_nid == NID_id_smime_ct_receipt)
             msg_type = "signed-receipt";
-        else if (sk_X509_ALGOR_num(mdalgs) >= 0)
+        else if (mdalgs != NULL && sk_X509_ALGOR_num(mdalgs) > 0)
             msg_type = "signed-data";
         else
             msg_type = "certs-only";