Raise ArgumentError for PKCS7 without signed data in PKCS7.read_smime

ruby · Nov 12, 2023 · 78de883 · 78de883
1 parent 5325c06
commit 78de883
Show file tree

Hide file tree

Showing 2 changed files with 22 additions and 0 deletions.
diff --git a/ext/openssl/ossl_pkcs7.c b/ext/openssl/ossl_pkcs7.c
@@ -159,13 +159,25 @@ ossl_pkcs7_s_read_smime(VALUE klass, VALUE arg)
     BIO *in, *out;
     PKCS7 *pkcs7;
     VALUE ret, data;
+    int i;
 
     ret = NewPKCS7(cPKCS7);
     in = ossl_obj2bio(&arg);
     out = NULL;
     pkcs7 = SMIME_read_PKCS7(in, &out);
     BIO_free(in);
     if(!pkcs7) ossl_raise(ePKCS7Error, NULL);
+
+    i = OBJ_obj2nid(pkcs7->type);
+    switch(i){
+      case NID_pkcs7_signed:
+      case NID_pkcs7_signedAndEnveloped:
+        if (!pkcs7->d.sign)
+            ossl_raise(rb_eArgError, "No signed data in PKCS7");
+      default:
+        ; /* nothing */
+    }
+
     data = out ? ossl_membio2str(out) : Qnil;
     SetPKCS7(ret, pkcs7);
     ossl_pkcs7_set_data(ret, data);

diff --git a/test/openssl/test_pkcs7.rb b/test/openssl/test_pkcs7.rb
@@ -158,6 +158,16 @@ def test_enveloped
   def test_empty_signed_data_ruby_bug_19974
     data = "-----BEGIN PKCS7-----\nMAsGCSqGSIb3DQEHAg==\n-----END PKCS7-----\n"
     assert_raise(ArgumentError) { OpenSSL::PKCS7.new(data) }
+
+    data = <<END
+MIME-Version: 1.0
+Content-Disposition: attachment; filename="smime.p7m"
+Content-Type: application/x-pkcs7-mime; smime-type=signed-data; name="smime.p7m"
+Content-Transfer-Encoding: base64
+
+#{data}
+END
+    assert_raise(ArgumentError) { OpenSSL::PKCS7.read_smime(data) }
   end
 
   def test_graceful_parsing_failure #[ruby-core:43250]