CVSROOT: /cvs Module name: src Changes by: [email protected] 2026/06/09 06:34:08
Modified files:
lib/libcrypto/pkcs7: pk7_smime.c
Log message:
Avoid freeing a caller-owned buffer in PKCS7_verify()
If a PKCS#7 S/MIME message comes with an empty set of digestAlgorithms
in the SignedData, PKCS7_verify() would incorrectly free a caller-owned
buffer. Fix the freeing logic to avoid this situation.
>From Igor Ustinov via OpenSSL
