Update from stable branch.

73ba116e · Dr. Stephen Henson · 80b2ff97 · 73ba116e · 73ba116e · 73ba116e
隐藏空白更改
内联并排

Showing with 6 addition and 3 deletion

CHANGES CHANGES +5 -0

crypto/asn1/tasn_dec.c crypto/asn1/tasn_dec.c +0 -2

crypto/cms/cms_smime.c crypto/cms/cms_smime.c +1 -1

未找到文件。
--- a/CHANGES
+++ b/CHANGES
@@ -751,6 +751,11 @@

 Changes between 0.9.8j and 0.9.8k  [xx XXX xxxx]

+  *) Don't set val to NULL when freeing up structures, it is freed up by
+     underlying code. If sizeof(void *) > sizeof(long) this can result in
+     zeroing past the valid field. (CVE-2009-0789)
+     [Paolo Ganci <Paolo.Ganci@AdNovum.CH>]
+
  *) Fix bug where return value of CMS_SignerInfo_verify_content() was not
     checked correctly. This would allow some invalid signed attributes to
     appear to verify correctly. (CVE-2009-0591)

--- a/crypto/asn1/tasn_dec.c
+++ b/crypto/asn1/tasn_dec.c
@@ -613,7 +613,6 @@ static int asn1_template_ex_d2i(ASN1_VALUE **val,

 	err:
 	ASN1_template_free(val, tt);
-	*val = NULL;
 	return 0;
 	}

@@ -762,7 +761,6 @@ static int asn1_template_noexp_d2i(ASN1_VALUE **val,

 	err:
 	ASN1_template_free(val, tt);
-	*val = NULL;
 	return 0;
 	}


--- a/crypto/cms/cms_smime.c
+++ b/crypto/cms/cms_smime.c
@@ -419,7 +419,7 @@ int CMS_verify(CMS_ContentInfo *cms, STACK_OF(X509) *certs,
 		for (i = 0; i < sk_CMS_SignerInfo_num(sinfos); i++)
 			{
 			si = sk_CMS_SignerInfo_value(sinfos, i);
-			if (!CMS_SignerInfo_verify_content(si, cmsbio))
+			if (CMS_SignerInfo_verify_content(si, cmsbio) <= 0)
 				{
 				CMSerr(CMS_F_CMS_VERIFY,
 					CMS_R_CONTENT_VERIFY_ERROR);