File openssl-CVE-2015-3194.patch of Package openssl.1634

From d8541d7e9e63bf5f343af24644046c8d96498c17 Mon Sep 17 00:00:00 2001
From: "Dr. Stephen Henson" <steve@openssl.org>
Date: Fri, 2 Oct 2015 13:10:29 +0100
Subject: [PATCH] Add PSS parameter check.
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Avoid seg fault by checking mgf1 parameter is not NULL. This can be
triggered during certificate verification so could be a DoS attack
against a client or a server enabling client authentication.

Thanks to Loïc Jonas Etienne (Qnective AG) for discovering this bug.

CVE-2015-3194

Reviewed-by: Matt Caswell <matt@openssl.org>
---
 crypto/rsa/rsa_ameth.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Index: openssl-1.0.1i/crypto/rsa/rsa_ameth.c
===================================================================
--- openssl-1.0.1i.orig/crypto/rsa/rsa_ameth.c	2015-12-03 17:56:38.292632624 +0100
+++ openssl-1.0.1i/crypto/rsa/rsa_ameth.c	2015-12-03 17:58:11.106130819 +0100
@@ -287,7 +287,7 @@ static RSA_PSS_PARAMS *rsa_pss_decode(co
 		{
 		ASN1_TYPE *param = pss->maskGenAlgorithm->parameter;
 		if (OBJ_obj2nid(pss->maskGenAlgorithm->algorithm) == NID_mgf1
-			&& param->type == V_ASN1_SEQUENCE)
+			&& param && param->type == V_ASN1_SEQUENCE)
 			{
 			p = param->value.sequence->data;
 			plen = param->value.sequence->length;