Verify ASN1 objects types before attempting to access them as a particular

type.
ok guenther@ doug@

2 files changed, 6 insertions, 2 deletions

diff --git a/lib/libssl/src/crypto/pkcs7/pk7_doit.c b/lib/libssl/src/crypto/pkcs7/pk7_doit.c
index d6fcaca745a..2c69edf4997 100644
--- a/lib/libssl/src/crypto/pkcs7/pk7_doit.c
+++ b/lib/libssl/src/crypto/pkcs7/pk7_doit.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pk7_doit.c,v 1.34 2015/07/18 14:40:59 miod Exp $ */
+/* $OpenBSD: pk7_doit.c,v 1.35 2015/07/19 18:25:59 miod Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -1187,6 +1187,8 @@ PKCS7_digest_from_attributes(STACK_OF(X509_ATTRIBUTE) *sk)
 
 	if (!(astype = get_attribute(sk, NID_pkcs9_messageDigest)))
 		return NULL;
+	if (astype->type != V_ASN1_OCTET_STRING)
+		return NULL;
 	return astype->value.octet_string;
 }
 
diff --git a/lib/libssl/src/crypto/ts/ts_rsp_verify.c b/lib/libssl/src/crypto/ts/ts_rsp_verify.c
index 797877011c2..204c6a9df8b 100644
--- a/lib/libssl/src/crypto/ts/ts_rsp_verify.c
+++ b/lib/libssl/src/crypto/ts/ts_rsp_verify.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ts_rsp_verify.c,v 1.15 2015/07/19 05:42:55 miod Exp $ */
+/* $OpenBSD: ts_rsp_verify.c,v 1.16 2015/07/19 18:25:59 miod Exp $ */
 /* Written by Zoltan Glozik (zglozik@stones.com) for the OpenSSL
  * project 2002.
  */
@@ -312,6 +312,8 @@ ESS_get_signing_cert(PKCS7_SIGNER_INFO *si)
 	    NID_id_smime_aa_signingCertificate);
 	if (!attr)
 		return NULL;
+	if (attr->type != V_ASN1_SEQUENCE)
+		return NULL;
 	p = attr->value.sequence->data;
 	return d2i_ESS_SIGNING_CERT(NULL, &p, attr->value.sequence->length);
 }