Content-Type: text/plain Content-Disposition: inline Content-Transfer-Encoding: binary MIME-Version: 1.0 X-Mailer: MIME-tools 5.509 (Entity 5.509) From: ghudson@mit.edu Subject: git commit Content-Length: 551 In PKINIT, check for null PKCS7 enveloped fields The PKCS7 ContentInfo content field and EncryptedContentInfo encryptedContent field are optional. Check for null values in cms_envelopeddata_verify() before calling pkcs7_decrypt(). Reported by Bahaa Naamneh. https://github.com/krb5/krb5/commit/48ccd81656381522d1f9ccb8705c13f0266a46ab Author: Greg Hudson Commit: 48ccd81656381522d1f9ccb8705c13f0266a46ab Branch: master src/plugins/preauth/pkinit/pkinit_crypto_openssl.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-)