Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
CMS_decrypt_set1_*(): fix NULL deref on unsuitable content type
Fixes openssl#19975 for CMS_decrypt_set1_pkey_and_peer() in the obvious way, and a related potential crash in CMS_decrypt_set1_password(). The point is that the input might have an unexpected content type, so a guard is needed at both places after `ec` is obtained. Note that in CMS_decrypt_set1_pkey_and_peer() there was no such ec != NULL guard for ``` if (ris != NULL) debug = ec->debug; ``` maybe because it is implied here by ris != NULL.
- Loading branch information