From: Tomas Mraz <tomas@openssl.org>
Date: Thu, 28 Nov 2024 09:10:28 +0000 (+0100)
Subject: Avoid NULL dereference with PKCS7_OP_SET_DETACHED_SIGNATURE
X-Git-Tag: openssl-3.1.8~54
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=f971a9ed5833d7b40a9265e6c19e486d08bbb210;p=thirdparty%2Fopenssl.git

Avoid NULL dereference with PKCS7_OP_SET_DETACHED_SIGNATURE

We would dereference p7->d.sign pointer which can be NULL.

Reported by Han Zheng.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26078)

(cherry picked from commit f2348f1f844a54c7a95c32e2354cd29f0860c803)
---

diff --git a/crypto/pkcs7/pk7_lib.c b/crypto/pkcs7/pk7_lib.c
index 5ce591f758f..bdd62052696 100644
--- a/crypto/pkcs7/pk7_lib.c
+++ b/crypto/pkcs7/pk7_lib.c
@@ -28,6 +28,11 @@ long PKCS7_ctrl(PKCS7 *p7, int cmd, long larg, char *parg)
     /* NOTE(emilia): does not support detached digested data. */
     case PKCS7_OP_SET_DETACHED_SIGNATURE:
         if (nid == NID_pkcs7_signed) {
+            if (p7->d.sign == NULL) {
+                ERR_raise(ERR_LIB_PKCS7, PKCS7_R_NO_CONTENT);
+                ret = 0;
+                break;
+            }
             ret = p7->detached = (int)larg;
             if (ret && PKCS7_type_is_data(p7->d.sign->contents)) {
                 ASN1_OCTET_STRING *os;