Overview

File openssl-CVE-2015-1792.patch of Package openssl.1633

commit 92f9a8bf3844359bb50d86dab92bc24b074d350d
Author: Dr. Stephen Henson <steve@openssl.org>
Date:   Fri Jun 5 12:11:25 2015 +0100

    Fix infinite loop in CMS
    
    Fix loop in do_free_upto if cmsbio is NULL: this will happen when attempting
    to verify and a digest is not recognised. Reported by Johannes Bauer.
    
    CVE-2015-1792
    
    Reviewed-by: Matt Caswell <matt@openssl.org>

Index: openssl-1.0.1i/crypto/cms/cms_smime.c
===================================================================
--- openssl-1.0.1i.orig/crypto/cms/cms_smime.c	2015-06-12 11:37:27.983984849 +0200
+++ openssl-1.0.1i/crypto/cms/cms_smime.c	2015-06-12 11:38:03.058396809 +0200
@@ -141,7 +141,7 @@ static void do_free_upto(BIO *f, BIO *up
 			BIO_free(f);
 			f = tbio;
 			}
-		while (f != upto);
+	        while (f && f != upto);
 		}
 	else
 		BIO_free_all(f);
openSUSE Build Service is sponsored by
Places