diff --git a/CHANGES b/CHANGES index 5ada535aba15b1ef2ab1a7b81443a32f1919225d..01f8d5b87af031f1b539c274c9452af88f8f6938 100644 --- a/CHANGES +++ b/CHANGES @@ -4,6 +4,10 @@ Changes between 0.9.5a and 0.9.6 [xx XXX 2000] + *) Fix bug in PKCS7_verify() which caused an infinite loop + if there was more than one signature. + [Sven Uszpelkat ] + *) Major change in util/mkdef.pl to include extra information about each symbol, as well as presentig variables as well as functions. This change means that there's n more need diff --git a/crypto/bio/bio_lib.c b/crypto/bio/bio_lib.c index fa32df041e2d7c0dbb9f4eee58b0f39fb01b6ae9..381afc9b8e03a05d5e8b3459e5a3d9facc4b5055 100644 --- a/crypto/bio/bio_lib.c +++ b/crypto/bio/bio_lib.c @@ -418,6 +418,7 @@ BIO *BIO_find_type(BIO *bio, int type) { int mt,mask; + if(!bio) return NULL; mask=type&0xff; do { if (bio->method != NULL) diff --git a/crypto/pkcs7/pk7_smime.c b/crypto/pkcs7/pk7_smime.c index 19e0b28a396ec0ac203b5ddd5748ed081bcf69ca..c8cd5a7f73eb370ecd3c6f9d3c55b4f1e5b599dd 100644 --- a/crypto/pkcs7/pk7_smime.c +++ b/crypto/pkcs7/pk7_smime.c @@ -153,7 +153,7 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store, PKCS7_SIGNER_INFO *si; X509_STORE_CTX cert_ctx; char buf[4096]; - int i, j=0; + int i, j=0, k; BIO *p7bio; BIO *tmpout; @@ -193,8 +193,8 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store, /* Now verify the certificates */ - if (!(flags & PKCS7_NOVERIFY)) for (i = 0; i < sk_X509_num(signers); i++) { - signer = sk_X509_value (signers, i); + if (!(flags & PKCS7_NOVERIFY)) for (k = 0; k < sk_X509_num(signers); k++) { + signer = sk_X509_value (signers, k); if (!(flags & PKCS7_NOCHAIN)) { X509_STORE_CTX_init(&cert_ctx, store, signer, p7->d.sign->cert); diff --git a/doc/crypto/BIO_find_type.pod b/doc/crypto/BIO_find_type.pod index 1a1d6bfad5db00b265e5f04d00836f1a825984fe..cc18c06228d3784e02f4fbc29254913f745a2bc5 100644 --- a/doc/crypto/BIO_find_type.pod +++ b/doc/crypto/BIO_find_type.pod @@ -71,6 +71,11 @@ use: next = bio->next_bio; +=head1 BUGS + +BIO_find_type() in OpenSSL 0.9.5a and earlier could not be safely passed a +NULL pointer for the B argument. + =head1 EXAMPLE Traverse a chain looking for digest BIOs: @@ -78,14 +83,14 @@ Traverse a chain looking for digest BIOs: BIO *btmp; btmp = in_bio; /* in_bio is chain to search through */ - for(;;) { + do { btmp = BIO_find_type(btmp, BIO_TYPE_MD); if(btmp == NULL) break; /* Not found */ /* btmp is a digest BIO, do something with it ...*/ ... btmp = BIO_next(btmp); - } + } while(btmp); =head1 SEE ALSO