Closed
Description
Description
The result from signature file BIO creation is not check which means that NULL is passed to PEM_read_bio_CMS, d2i_CMS_bio or SMIME_read_CMS. Even though those function handle NULL deeper in the stack, it is not something that should be done. It also adds error put on OpenSSL error stack which should not happen for error like this.
The example code that triggers this is following (key, cert and infile are like the ones in openssl ext test dir):
<?php
$infile = __DIR__ . "/plain.txt";
$outfile = __DIR__ . "/out.cms";;
$vout = $outfile . '.vout';
$privkey = "file://" . __DIR__ . "/private_rsa_1024.key";
$single_cert = "file://" . __DIR__ . "/cert.crt";
$assoc_headers = array("To" => "test@test", "Subject" => "testing openssl_cms_sign()");
$headers = array("test@test", "testing openssl_cms_sign()");
$empty_headers = array();
$wrong = "wrong";
$empty = "";
// test three forms of detached signatures:
// PEM first
print("\nPEM Detached:\n");
var_dump(openssl_cms_sign($infile, $outfile, openssl_x509_read($single_cert), $privkey, $headers,
OPENSSL_CMS_DETACHED|OPENSSL_CMS_BINARY,OPENSSL_ENCODING_PEM));
ini_set('open_basedir', __DIR__);
var_dump(openssl_cms_verify($infile,OPENSSL_CMS_NOVERIFY|OPENSSL_CMS_DETACHED|OPENSSL_CMS_BINARY,
NULL, array(), NULL, $vout, NULL, "../test.cms", OPENSSL_ENCODING_PEM));
while ($msg = openssl_error_string())
echo $msg . "\n";
print("\nValidated content:\n");
readfile($vout);
if (file_exists($outfile)) {
echo "true\n";
unlink($outfile);
}
if (file_exists($vout)) {
echo "true\n";
unlink($vout);
}PHP Version
PHP 8.x
Operating System
No response