Stop PKCS7_verify() core dumping with unknown public

key algorithms and leaking if the signature verify fails.
author: Dr. Stephen Henson <steve@openssl.org> 2001-02-24 01:46:46 +0000
committer: Dr. Stephen Henson <steve@openssl.org> 2001-02-24 01:46:46 +0000
commit: 75090e0365d6d441d5ea8495c2afc6c83d5eb886 (patch)
tree: cea3ee5b87407c7224717916ddc933ed967cec8f /CHANGES
parent: 6676457bba8c0581867f14beddb3df2d4a3baef7 (diff)
download: openssl-75090e0365d6d441d5ea8495c2afc6c83d5eb886.tar.gz
1 files changed, 5 insertions, 0 deletions
diff --git a/CHANGES b/CHANGES
index 25987622a9..3e6569abd8 100644
--- a/CHANGES
+++ b/CHANGES
@@ -4,6 +4,11 @@
 
  Changes between 0.9.6 and 0.9.6a  [xx XXX 2001]
 
+  *) Avoid coredump with unsupported or invalid public keys by checking if
+     X509_get_pubkey() fails in PKCS7_verify(). Fix memory leak when
+     PKCS7_verify() fails with non detached data.
+     [Steve Henson]
+
   *) Don't use getenv in library functions when run as setuid/setgid.
      New function OPENSSL_issetugid().
      [Ulf Moeller]
author	Dr. Stephen Henson <steve@openssl.org>	2001-02-24 01:46:46 +0000
committer	Dr. Stephen Henson <steve@openssl.org>	2001-02-24 01:46:46 +0000
commit	75090e0365d6d441d5ea8495c2afc6c83d5eb886 (patch)
tree	cea3ee5b87407c7224717916ddc933ed967cec8f /CHANGES
parent	6676457bba8c0581867f14beddb3df2d4a3baef7 (diff)
download	openssl-75090e0365d6d441d5ea8495c2afc6c83d5eb886.tar.gz