openssl/sme8/openssl-fips-0.9.8e-cve-2015-0289.patch

diff -up openssl-fips-0.9.8e/crypto/pkcs7/pk7_doit.c.pkcs7-null-deref openssl-fips-0.9.8e/crypto/pkcs7/pk7_doit.c
--- openssl-fips-0.9.8e/crypto/pkcs7/pk7_doit.c.pkcs7-null-deref        2015-04-01 12:41:27.998402503 +0200
+++ openssl-fips-0.9.8e/crypto/pkcs7/pk7_doit.c 2015-04-02 15:24:26.781363674 +0200
@@ -151,6 +151,27 @@ BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio)
        EVP_PKEY *pkey;
        ASN1_OCTET_STRING *os=NULL;
 
+       if (p7 == NULL)
+               {
+               PKCS7err(PKCS7_F_PKCS7_DATAINIT, PKCS7_R_INVALID_NULL_POINTER);
+               return NULL;
+               }
+       /*
+        * The content field in the PKCS7 ContentInfo is optional, but that really
+        * only applies to inner content (precisely, detached signatures).
+        *
+        * When reading content, missing outer content is therefore treated as an
+        * error.
+        *
+        * When creating content, PKCS7_content_new() must be called before
+        * calling this method, so a NULL p7->d is always an error.
+        */
+       if (p7->d.ptr == NULL)
+               {
+               PKCS7err(PKCS7_F_PKCS7_DATAINIT, PKCS7_R_NO_CONTENT);
+               return NULL;
+               }
+
        i=OBJ_obj2nid(p7->type);
        p7->state=PKCS7_S_HEADER;
 
@@ -345,6 +366,18 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKE
        X509_ALGOR *xalg=NULL;
        PKCS7_RECIP_INFO *ri=NULL;
 
+       if (p7 == NULL)
+               {
+               PKCS7err(PKCS7_F_PKCS7_DATADECODE, PKCS7_R_INVALID_NULL_POINTER);
+               return NULL;
+               }
+
+       if (p7->d.ptr == NULL)
+               {
+               PKCS7err(PKCS7_F_PKCS7_DATADECODE, PKCS7_R_NO_CONTENT);
+               return NULL;
+               }
+
        i=OBJ_obj2nid(p7->type);
        p7->state=PKCS7_S_HEADER;
 
@@ -352,6 +385,12 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKE
                {
        case NID_pkcs7_signed:
                data_body=PKCS7_get_octet_string(p7->d.sign->contents);
+               if (!PKCS7_is_detached(p7) && data_body == NULL)
+                       {
+                       PKCS7err(PKCS7_F_PKCS7_DATADECODE,
+                               PKCS7_R_NO_CONTENT);
+                       goto err;
+                       }
                md_sk=p7->d.sign->md_algs;
                break;
        case NID_pkcs7_signedAndEnveloped:
@@ -640,6 +679,18 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio)
        STACK_OF(PKCS7_SIGNER_INFO) *si_sk=NULL;
        ASN1_OCTET_STRING *os=NULL;
 
+       if (p7 == NULL)
+               {
+               PKCS7err(PKCS7_F_PKCS7_DATAFINAL, PKCS7_R_INVALID_NULL_POINTER);
+               return 0;
+               }
+
+       if (p7->d.ptr == NULL)
+               {
+               PKCS7err(PKCS7_F_PKCS7_DATAFINAL, PKCS7_R_NO_CONTENT);
+               return 0;
+               }
+
        EVP_MD_CTX_init(&ctx_tmp);
        i=OBJ_obj2nid(p7->type);
        p7->state=PKCS7_S_HEADER;
@@ -671,6 +722,7 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio)
                /* If detached data then the content is excluded */
                if(PKCS7_type_is_data(p7->d.sign->contents) && p7->detached) {
                        M_ASN1_OCTET_STRING_free(os);
+                       os = NULL;
                        p7->d.sign->contents->d.data = NULL;
                }
                break;
@@ -681,6 +733,7 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio)
                if(PKCS7_type_is_data(p7->d.digest->contents) && p7->detached)
                        {
                        M_ASN1_OCTET_STRING_free(os);
+                       os = NULL;
                        p7->d.digest->contents->d.data = NULL;
                        }
                break;
@@ -818,6 +871,12 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio)
 
        if (!PKCS7_is_detached(p7))
                {
+               /*
+                * NOTE(emilia): I think we only reach os == NULL here because detached
+                * digested data support is broken.
+                */
+               if (os == NULL)
+                       goto err;
                btmp=BIO_find_type(bio,BIO_TYPE_MEM);
                if (btmp == NULL)
                        {
@@ -852,6 +911,18 @@ int PKCS7_dataVerify(X509_STORE *cert_st
        STACK_OF(X509) *cert;
        X509 *x509;
 
+       if (p7 == NULL)
+               {
+               PKCS7err(PKCS7_F_PKCS7_DATAVERIFY, PKCS7_R_INVALID_NULL_POINTER);
+               return 0;
+               }
+
+       if (p7->d.ptr == NULL)
+               {
+               PKCS7err(PKCS7_F_PKCS7_DATAVERIFY, PKCS7_R_NO_CONTENT);
+               return 0;
+               }
+
        if (PKCS7_type_is_signed(p7))
                {
                cert=p7->d.sign->cert;
diff -up openssl-fips-0.9.8e/crypto/pkcs7/pk7_lib.c.pkcs7-null-deref openssl-fips-0.9.8e/crypto/pkcs7/pk7_lib.c
--- openssl-fips-0.9.8e/crypto/pkcs7/pk7_lib.c.pkcs7-null-deref 2007-02-03 10:51:59.000000000 +0100
+++ openssl-fips-0.9.8e/crypto/pkcs7/pk7_lib.c  2015-04-02 15:18:12.874970022 +0200
@@ -473,6 +473,8 @@ int PKCS7_set_digest(PKCS7 *p7, const EV
 
 STACK_OF(PKCS7_SIGNER_INFO) *PKCS7_get_signer_info(PKCS7 *p7)
        {
+       if (p7 == NULL || p7->d.ptr == NULL)
+               return NULL;
        if (PKCS7_type_is_signed(p7))
                {
                return(p7->d.sign->signer_info);
1	diff -up openssl-fips-0.9.8e/crypto/pkcs7/pk7_doit.c.pkcs7-null-deref openssl-fips-0.9.8e/crypto/pkcs7/pk7_doit.c
2	--- openssl-fips-0.9.8e/crypto/pkcs7/pk7_doit.c.pkcs7-null-deref 2015-04-01 12:41:27.998402503 +0200
3	+++ openssl-fips-0.9.8e/crypto/pkcs7/pk7_doit.c 2015-04-02 15:24:26.781363674 +0200
4	@@ -151,6 +151,27 @@ BIO PKCS7_dataInit(PKCS7 p7, BIO *bio)
5	EVP_PKEY *pkey;
6	ASN1_OCTET_STRING *os=NULL;
7
8	+ if (p7 == NULL)
9	+ {
10	+ PKCS7err(PKCS7_F_PKCS7_DATAINIT, PKCS7_R_INVALID_NULL_POINTER);
11	+ return NULL;
12	+ }
13	+ /*
14	+ * The content field in the PKCS7 ContentInfo is optional, but that really
15	+ * only applies to inner content (precisely, detached signatures).
16	+ *
17	+ * When reading content, missing outer content is therefore treated as an
18	+ * error.
19	+ *
20	+ * When creating content, PKCS7_content_new() must be called before
21	+ * calling this method, so a NULL p7->d is always an error.
22	+ */
23	+ if (p7->d.ptr == NULL)
24	+ {
25	+ PKCS7err(PKCS7_F_PKCS7_DATAINIT, PKCS7_R_NO_CONTENT);
26	+ return NULL;
27	+ }
28	+
29	i=OBJ_obj2nid(p7->type);
30	p7->state=PKCS7_S_HEADER;
31
32	@@ -345,6 +366,18 @@ BIO PKCS7_dataDecode(PKCS7 p7, EVP_PKE
33	X509_ALGOR *xalg=NULL;
34	PKCS7_RECIP_INFO *ri=NULL;
35
36	+ if (p7 == NULL)
37	+ {
38	+ PKCS7err(PKCS7_F_PKCS7_DATADECODE, PKCS7_R_INVALID_NULL_POINTER);
39	+ return NULL;
40	+ }
41	+
42	+ if (p7->d.ptr == NULL)
43	+ {
44	+ PKCS7err(PKCS7_F_PKCS7_DATADECODE, PKCS7_R_NO_CONTENT);
45	+ return NULL;
46	+ }
47	+
48	i=OBJ_obj2nid(p7->type);
49	p7->state=PKCS7_S_HEADER;
50
51	@@ -352,6 +385,12 @@ BIO PKCS7_dataDecode(PKCS7 p7, EVP_PKE
52	{
53	case NID_pkcs7_signed:
54	data_body=PKCS7_get_octet_string(p7->d.sign->contents);
55	+ if (!PKCS7_is_detached(p7) && data_body == NULL)
56	+ {
57	+ PKCS7err(PKCS7_F_PKCS7_DATADECODE,
58	+ PKCS7_R_NO_CONTENT);
59	+ goto err;
60	+ }
61	md_sk=p7->d.sign->md_algs;
62	break;
63	case NID_pkcs7_signedAndEnveloped:
64	@@ -640,6 +679,18 @@ int PKCS7_dataFinal(PKCS7 p7, BIO bio)
65	STACK_OF(PKCS7_SIGNER_INFO) *si_sk=NULL;
66	ASN1_OCTET_STRING *os=NULL;
67
68	+ if (p7 == NULL)
69	+ {
70	+ PKCS7err(PKCS7_F_PKCS7_DATAFINAL, PKCS7_R_INVALID_NULL_POINTER);
71	+ return 0;
72	+ }
73	+
74	+ if (p7->d.ptr == NULL)
75	+ {
76	+ PKCS7err(PKCS7_F_PKCS7_DATAFINAL, PKCS7_R_NO_CONTENT);
77	+ return 0;
78	+ }
79	+
80	EVP_MD_CTX_init(&ctx_tmp);
81	i=OBJ_obj2nid(p7->type);
82	p7->state=PKCS7_S_HEADER;
83	@@ -671,6 +722,7 @@ int PKCS7_dataFinal(PKCS7 p7, BIO bio)
84	/* If detached data then the content is excluded */
85	if(PKCS7_type_is_data(p7->d.sign->contents) && p7->detached) {
86	M_ASN1_OCTET_STRING_free(os);
87	+ os = NULL;
88	p7->d.sign->contents->d.data = NULL;
89	}
90	break;
91	@@ -681,6 +733,7 @@ int PKCS7_dataFinal(PKCS7 p7, BIO bio)
92	if(PKCS7_type_is_data(p7->d.digest->contents) && p7->detached)
93	{
94	M_ASN1_OCTET_STRING_free(os);
95	+ os = NULL;
96	p7->d.digest->contents->d.data = NULL;
97	}
98	break;
99	@@ -818,6 +871,12 @@ int PKCS7_dataFinal(PKCS7 p7, BIO bio)
100
101	if (!PKCS7_is_detached(p7))
102	{
103	+ /*
104	+ * NOTE(emilia): I think we only reach os == NULL here because detached
105	+ * digested data support is broken.
106	+ */
107	+ if (os == NULL)
108	+ goto err;
109	btmp=BIO_find_type(bio,BIO_TYPE_MEM);
110	if (btmp == NULL)
111	{
112	@@ -852,6 +911,18 @@ int PKCS7_dataVerify(X509_STORE *cert_st
113	STACK_OF(X509) *cert;
114	X509 *x509;
115
116	+ if (p7 == NULL)
117	+ {
118	+ PKCS7err(PKCS7_F_PKCS7_DATAVERIFY, PKCS7_R_INVALID_NULL_POINTER);
119	+ return 0;
120	+ }
121	+
122	+ if (p7->d.ptr == NULL)
123	+ {
124	+ PKCS7err(PKCS7_F_PKCS7_DATAVERIFY, PKCS7_R_NO_CONTENT);
125	+ return 0;
126	+ }
127	+
128	if (PKCS7_type_is_signed(p7))
129	{
130	cert=p7->d.sign->cert;
131	diff -up openssl-fips-0.9.8e/crypto/pkcs7/pk7_lib.c.pkcs7-null-deref openssl-fips-0.9.8e/crypto/pkcs7/pk7_lib.c
132	--- openssl-fips-0.9.8e/crypto/pkcs7/pk7_lib.c.pkcs7-null-deref 2007-02-03 10:51:59.000000000 +0100
133	+++ openssl-fips-0.9.8e/crypto/pkcs7/pk7_lib.c 2015-04-02 15:18:12.874970022 +0200
134	@@ -473,6 +473,8 @@ int PKCS7_set_digest(PKCS7 *p7, const EV
135
136	STACK_OF(PKCS7_SIGNER_INFO) PKCS7_get_signer_info(PKCS7 p7)
137	{
138	+ if (p7 == NULL \|\| p7->d.ptr == NULL)
139	+ return NULL;
140	if (PKCS7_type_is_signed(p7))
141	{
142	return(p7->d.sign->signer_info);