Add NULL check before accessing PKCS7 encrypted algorithm

Printing content of an invalid test certificate causes application crash, because of NULL dereference: user@user:~/openssl$ openssl pkcs12 -in test/recipes/80-test_pkcs12_data/bad2.p12 -passin pass: -info MAC: sha256, Iteration 2048 MAC length: 32, salt length: 8 PKCS7 Encrypted data: Segmentation fault (core dumped)
openssl · Feb 19, 2024 · b5b13ea · b5b13ea
1 parent c3e8d67
commit b5b13ea
Showing 1 changed file with 5 additions and 1 deletion.
diff --git a/apps/pkcs12.c b/apps/pkcs12.c
@@ -901,7 +901,11 @@ int dump_certs_keys_p12(BIO *out, const PKCS12 *p12, const char *pass,
         } else if (bagnid == NID_pkcs7_encrypted) {
             if (options & INFO) {
                 BIO_printf(bio_err, "PKCS7 Encrypted data: ");
-                alg_print(p7->d.encrypted->enc_data->algorithm);
+                if (p7->d.encrypted == NULL) {
+                    BIO_printf(bio_err, "<no data>\n");
+                } else {
+                    alg_print(p7->d.encrypted->enc_data->algorithm);
+                }
             }
             bags = PKCS12_unpack_p7encdata(p7, pass, passlen);
         } else {