Raise ArgumentError if no signed data in PKCS7 that should have signe…

…d data Fixes [Bug #19974]
ruby · Oct 27, 2023 · 5325c06 · 5325c06
1 parent c9b48f9
commit 5325c06
Show file tree

Hide file tree

Showing 2 changed files with 16 additions and 0 deletions.
diff --git a/ext/openssl/ossl_pkcs7.c b/ext/openssl/ossl_pkcs7.c
@@ -333,6 +333,7 @@ ossl_pkcs7_initialize(int argc, VALUE *argv, VALUE self)
     PKCS7 *p7, *p7_orig = RTYPEDDATA_DATA(self);
     BIO *in;
     VALUE arg;
+    int i;
 
     if(rb_scan_args(argc, argv, "01", &arg) == 0)
 	return self;
@@ -347,6 +348,16 @@ ossl_pkcs7_initialize(int argc, VALUE *argv, VALUE self)
     if (!p7)
         ossl_raise(rb_eArgError, "Could not parse the PKCS7");
 
+    i = OBJ_obj2nid(p7->type);
+    switch(i){
+      case NID_pkcs7_signed:
+      case NID_pkcs7_signedAndEnveloped:
+        if (!p7->d.sign)
+            ossl_raise(rb_eArgError, "No signed data in PKCS7");
+      default:
+        ; /* nothing */
+    }
+
     RTYPEDDATA_DATA(self) = p7;
     PKCS7_free(p7_orig);
     ossl_pkcs7_set_data(self, Qnil);

diff --git a/test/openssl/test_pkcs7.rb b/test/openssl/test_pkcs7.rb
@@ -155,6 +155,11 @@ def test_enveloped
     assert_equal(data, p7.decrypt(@rsa1024))
   end
 
+  def test_empty_signed_data_ruby_bug_19974
+    data = "-----BEGIN PKCS7-----\nMAsGCSqGSIb3DQEHAg==\n-----END PKCS7-----\n"
+    assert_raise(ArgumentError) { OpenSSL::PKCS7.new(data) }
+  end
+
   def test_graceful_parsing_failure #[ruby-core:43250]
     contents = File.read(__FILE__)
     assert_raise(ArgumentError) { OpenSSL::PKCS7.new(contents) }