File openssl-CVE-2015-1790.patch of Package compat-openssl098.703

commit 582f1f41d49b5bf5ceaca241356d5f9c986f230f
Author: Emilia Kasper <emilia@openssl.org>
Date:   Tue May 12 19:00:30 2015 +0200

    PKCS#7: Fix NULL dereference with missing EncryptedContent.
    
    CVE-2015-1790
    
    Reviewed-by: Rich Salz <rsalz@openssl.org>

Index: openssl-0.9.8j/crypto/pkcs7/pk7_doit.c
===================================================================
--- openssl-0.9.8j.orig/crypto/pkcs7/pk7_doit.c	2015-06-15 13:37:03.815949234 +0200
+++ openssl-0.9.8j/crypto/pkcs7/pk7_doit.c	2015-06-15 13:38:01.194613507 +0200
@@ -381,12 +381,19 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKE
 	switch (i)
 		{
 	case NID_pkcs7_signed:
+        /*
+         * p7->d.sign->contents is a PKCS7 structure consisting of a contentType
+         * field and optional content.
+         * data_body is NULL if that structure has no (=detached) content
+         * or if the contentType is wrong (i.e., not "data").
+         */
 		data_body=PKCS7_get_octet_string(p7->d.sign->contents);
 		md_sk=p7->d.sign->md_algs;
 		break;
 	case NID_pkcs7_signedAndEnveloped:
 		rsk=p7->d.signed_and_enveloped->recipientinfo;
 		md_sk=p7->d.signed_and_enveloped->md_algs;
+        /* data_body is NULL if the optional EncryptedContent is missing. */
 		data_body=p7->d.signed_and_enveloped->enc_data->enc_data;
 		enc_alg=p7->d.signed_and_enveloped->enc_data->algorithm;
 		evp_cipher=EVP_get_cipherbyobj(enc_alg->algorithm);
@@ -400,6 +407,7 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKE
 	case NID_pkcs7_enveloped:
 		rsk=p7->d.enveloped->recipientinfo;
 		enc_alg=p7->d.enveloped->enc_data->algorithm;
+        /* data_body is NULL if the optional EncryptedContent is missing. */
 		data_body=p7->d.enveloped->enc_data->enc_data;
 		evp_cipher=EVP_get_cipherbyobj(enc_alg->algorithm);
 		if (evp_cipher == NULL)
@@ -414,6 +422,13 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKE
 	        goto err;
 		}
 
+    /* Detached content must be supplied via in_bio instead. */
+    if (data_body == NULL && in_bio == NULL) {
+        PKCS7err(PKCS7_F_PKCS7_DATADECODE, PKCS7_R_NO_CONTENT);
+        goto err;
+    }
+
+
 	/* We will be checking the signature */
 	if (md_sk != NULL)
 		{
@@ -590,7 +605,7 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKE
 		}
 
 #if 1
-	if (PKCS7_is_detached(p7) || (in_bio != NULL))
+    if (in_bio != NULL)
 		{
 		bio=in_bio;
 		}