Ugh, BIO_find_type() cannot be passed a NULL.

Fix doc example, and fix BIO_find_type(). Fix PKCS7_verify(). It was using 'i' for both the loop variable and the verify return value.

Ugh, BIO_find_type() cannot be passed a NULL.
Fix doc example, and fix BIO_find_type(). Fix PKCS7_verify(). It was using 'i' for both the loop variable and the verify return value.
f50c11ca · Dr. Stephen Henson · cfd3bb17 · f50c11ca · f50c11ca · f50c11ca
Showing with 15 addition and 5 deletion

CHANGES CHANGES +4 -0

crypto/bio/bio_lib.c crypto/bio/bio_lib.c +1 -0

crypto/pkcs7/pk7_smime.c crypto/pkcs7/pk7_smime.c +3 -3

doc/crypto/BIO_find_type.pod doc/crypto/BIO_find_type.pod +7 -2

未找到文件。
--- a/CHANGES
+++ b/CHANGES
@@ -4,6 +4,10 @@

 Changes between 0.9.5a and 0.9.6  [xx XXX 2000]

+  *) Fix bug in PKCS7_verify() which caused an infinite loop
+     if there was more than one signature.
+     [Sven Uszpelkat <su@celocom.de>]
+
  *) Major change in util/mkdef.pl to include extra information
     about each symbol, as well as presentig variables as well
     as functions.  This change means that there's n more need

--- a/crypto/bio/bio_lib.c
+++ b/crypto/bio/bio_lib.c
@@ -418,6 +418,7 @@ BIO *BIO_find_type(BIO *bio, int type)
 	{
 	int mt,mask;

+	if(!bio) return NULL;
 	mask=type&0xff;
 	do	{
 		if (bio->method != NULL)

--- a/crypto/pkcs7/pk7_smime.c
+++ b/crypto/pkcs7/pk7_smime.c
@@ -153,7 +153,7 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store,
 	PKCS7_SIGNER_INFO *si;
 	X509_STORE_CTX cert_ctx;
 	char buf[4096];
-	int i, j=0;
+	int i, j=0, k;
 	BIO *p7bio;
 	BIO *tmpout;

@@ -193,8 +193,8 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store,

 	/* Now verify the certificates */

-	if (!(flags & PKCS7_NOVERIFY)) for (i = 0; i < sk_X509_num(signers); i++) {
-		signer = sk_X509_value (signers, i);
+	if (!(flags & PKCS7_NOVERIFY)) for (k = 0; k < sk_X509_num(signers); k++) {
+		signer = sk_X509_value (signers, k);
 		if (!(flags & PKCS7_NOCHAIN)) {
 			X509_STORE_CTX_init(&cert_ctx, store, signer,
 							p7->d.sign->cert);

--- a/doc/crypto/BIO_find_type.pod
+++ b/doc/crypto/BIO_find_type.pod
@@ -71,6 +71,11 @@ use:

 next = bio->next_bio;

+=head1 BUGS
+
+BIO_find_type() in OpenSSL 0.9.5a and earlier could not be safely passed a
+NULL pointer for the B<b> argument.
+
 =head1 EXAMPLE

 Traverse a chain looking for digest BIOs:
@@ -78,14 +83,14 @@ Traverse a chain looking for digest BIOs:
 BIO *btmp;
 btmp = in_bio;	/* in_bio is chain to search through */

- for(;;) {
+ do {
 	btmp = BIO_find_type(btmp, BIO_TYPE_MD);
 	if(btmp == NULL) break;	/* Not found */
 	/* btmp is a digest BIO, do something with it ...*/
   	...

 	btmp = BIO_next(btmp);
- } 
+ } while(btmp);


 =head1 SEE ALSO