[Bug 1994165] Re: CMS_final: do not ignore CMS_dataFinal result
Adrien Nader
1994165 at bugs.launchpad.net
Mon Nov 14 15:31:42 UTC 2022
Hi Gil,
Can you explain a bit the actual impact of this bug and/or a scenario to
reproduce. The commit doesn't give us a lot of details and the issue
appears to be possibly quite serious but without diving deep into the
code and possibly writing a reproducer from scratch ourselves, it is
hard to be sure we properly understand it.
Thanks.
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1994165
Title:
CMS_final: do not ignore CMS_dataFinal result
Status in openssl package in Ubuntu:
Triaged
Status in openssl source package in Jammy:
Triaged
Status in openssl source package in Kinetic:
Triaged
Bug description:
https://github.com/openssl/openssl/pull/18876
The CMS_dataFinal result is important as signature may fail, however, it
is ignored while returning success from CMS_final.
Please add this fix to The openssl 3.0.2 "Jammy Jellyfish (supported)"
Thanks
Upstream commit:
```
commit 67c0460b89cc1b0644a1a59af78284dfd8d720af
Author: Alon Bar-Lev <alon.barlev at gmail.com>
Date: Tue Jul 26 15:17:06 2022 +0300
Handle SMIME_crlf_copy return code
Currently the SMIME_crlf_copy result is ignored in all usages. It does
return failure when memory allocation fails.
This patch handles the SMIME_crlf_copy return code in all occurrences.
Signed-off-by: Alon Bar-Lev <alon.barlev at gmail.com>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
Reviewed-by: Paul Dale <pauli at openssl.org>
Reviewed-by: Hugo Landau <hlandau at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18876)
```
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1994165/+subscriptions
More information about the foundations-bugs
mailing list