Fix CVE-2026-28390: Denial of Service due to NULL pointer dereference in CMS EnvelopedData processing

This commit is contained in:
Pavol Žáčik 2026-05-13 16:27:59 +02:00 committed by Otmar Sabela
parent 297177218e
commit 6f6b4f9c39
No known key found for this signature in database
GPG Key ID: 5B6C2C5016BCC0CB
2 changed files with 89 additions and 1 deletions

View File

@ -0,0 +1,81 @@
From 2ff16c29c115c131fbcf196ab66ca0ef822c7ab0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Pavol=20=C5=BD=C3=A1=C4=8Dik?= <pzacik@redhat.com>
Date: Wed, 13 May 2026 16:22:35 +0200
Subject: [PATCH] Fix CVE-2026-28390
Ensure that if we are missing parameters in
RSA-OAEP SourceFunc in CMS KeyTransportRecipientInfo,
we don't segfault when decrypting.
---
crypto/rsa/rsa_ameth.c | 30 ++++++++++++++++++++----------
1 file changed, 20 insertions(+), 10 deletions(-)
diff --git a/crypto/rsa/rsa_ameth.c b/crypto/rsa/rsa_ameth.c
index fb04554..dfce3e2 100644
--- a/crypto/rsa/rsa_ameth.c
+++ b/crypto/rsa/rsa_ameth.c
@@ -918,10 +918,13 @@ static int rsa_cms_decrypt(CMS_RecipientInfo *ri)
X509_ALGOR *cmsalg;
int nid;
int rv = -1;
- unsigned char *label = NULL;
+ const unsigned char *label = NULL;
int labellen = 0;
const EVP_MD *mgf1md = NULL, *md = NULL;
RSA_OAEP_PARAMS *oaep;
+ const ASN1_OBJECT *aoid;
+ const void *parameter = NULL;
+ int ptype = 0;
pkctx = CMS_RecipientInfo_get0_pkey_ctx(ri);
if (pkctx == NULL)
@@ -951,21 +954,19 @@ static int rsa_cms_decrypt(CMS_RecipientInfo *ri)
goto err;
if (oaep->pSourceFunc != NULL) {
- X509_ALGOR *plab = oaep->pSourceFunc;
+ X509_ALGOR_get0(&aoid, &ptype, &parameter, oaep->pSourceFunc);
- if (OBJ_obj2nid(plab->algorithm) != NID_pSpecified) {
+ if (OBJ_obj2nid(aoid) != NID_pSpecified) {
RSAerr(RSA_F_RSA_CMS_DECRYPT, RSA_R_UNSUPPORTED_LABEL_SOURCE);
goto err;
}
- if (plab->parameter->type != V_ASN1_OCTET_STRING) {
+ if (ptype != V_ASN1_OCTET_STRING) {
RSAerr(RSA_F_RSA_CMS_DECRYPT, RSA_R_INVALID_LABEL);
goto err;
}
- label = plab->parameter->value.octet_string->data;
- /* Stop label being freed when OAEP parameters are freed */
- plab->parameter->value.octet_string->data = NULL;
- labellen = plab->parameter->value.octet_string->length;
+ label = ASN1_STRING_get0_data(parameter);
+ labellen = ASN1_STRING_length(parameter);
}
if (EVP_PKEY_CTX_set_rsa_padding(pkctx, RSA_PKCS1_OAEP_PADDING) <= 0)
@@ -974,8 +975,17 @@ static int rsa_cms_decrypt(CMS_RecipientInfo *ri)
goto err;
if (EVP_PKEY_CTX_set_rsa_mgf1_md(pkctx, mgf1md) <= 0)
goto err;
- if (EVP_PKEY_CTX_set0_rsa_oaep_label(pkctx, label, labellen) <= 0)
- goto err;
+ if (label != NULL) {
+ unsigned char *dup_label = OPENSSL_memdup(label, labellen);
+
+ if (dup_label == NULL)
+ goto err;
+
+ if (EVP_PKEY_CTX_set0_rsa_oaep_label(pkctx, dup_label, labellen) <= 0) {
+ OPENSSL_free(dup_label);
+ goto err;
+ }
+ }
/* Carry on */
rv = 1;
--
2.53.0

View File

@ -22,7 +22,7 @@
Summary: Utilities from the general purpose cryptography library with TLS implementation
Name: openssl
Version: 1.1.1k
Release: 16%{?dist}
Release: 17%{?dist}
Epoch: 1
# We have to remove certain patented algorithms from the openssl source
# tarball with the hobble-openssl script which is included below.
@ -109,6 +109,8 @@ Patch112: openssl-1.1.1-hardening-from-openssl-3.0.1.patch
Patch113: openssl-1.1.1-cve-2025-69419.patch
Patch114: openssl-1.1.1-cve-2026-45447.patch
Patch115: openssl-1.1.1-cve-2024-4741.patch
# Fix for CVE-2026-28390
Patch116: openssl-1.1.1-cve-2026-28390.patch
License: OpenSSL and ASL 2.0
URL: http://www.openssl.org/
@ -249,6 +251,7 @@ cp %{SOURCE13} test/
%patch113 -p1 -b .cve-2025-69419-2
%patch114 -p1 -b .cve-2026-45447
%patch115 -p1 -b .cve-2024-4741
%patch116 -p1 -b .cve-2026-28390
%build
# Figure out which flags we want to use.
@ -532,6 +535,10 @@ export LD_LIBRARY_PATH
%postun libs -p /sbin/ldconfig
%changelog
* Thu Jul 02 2026 Otmar Sabela <osabela@redhat.com> - 1:1.1.1k-17
- Fixes CVE-2026-28390: Denial of Service due to NULL pointer dereference in CMS EnvelopedData processing
Resolves: RHEL-165759
* Mon Jun 01 2026 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:1.1.1k-16
- Fix CVE-2026-45447: Heap Use-After-Free in OpenSSL PKCS7_verify()
Resolves: RHEL-179623