openGauss-third_party/dependency/openssl/CVE-2026-45447.patch-代码预览-openGauss-third_party:基于开源生态的数据库依赖编译项目 - AtomGit

leweiyangfix openssl CVE-2026-34180 CVE-2026-42767 CVE-2026-45446 CVE-2026-45447 CVE-2026-7383 CVE-2026-9076

From 9dfd688ad2290fc5075cacbc9bf0c9a93eefed54 Mon Sep 17 00:00:00 2001
From: Igor Ustinov <igus@openssl.foundation>
Date: Sat, 16 May 2026 08:16:23 +0200
Subject: [PATCH] Fix possible use-after-free in OpenSSL PKCS7_verify()

Fixes CVE-2026-45447

Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org>
Reviewed-by: Norbert Pocs <norbertp@openssl.org>
MergeDate: Mon Jun  8 20:32:32 2026
---
 crypto/pkcs7/pk7_smime.c | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/crypto/pkcs7/pk7_smime.c b/crypto/pkcs7/pk7_smime.c
--- a/crypto/pkcs7/pk7_smime.c
+++ b/crypto/pkcs7/pk7_smime.c
@@ -221,6 +221,7 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store,
     int i, j = 0, k, ret = 0;
     BIO *p7bio = NULL;
     BIO *tmpin = NULL, *tmpout = NULL;
+    BIO *next = NULL;
     const PKCS7_CTX *p7_ctx;
 
     if (p7 == NULL) {
@@ -370,11 +371,11 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store,
  err:
     X509_STORE_CTX_free(cert_ctx);
     OPENSSL_free(buf);
-    if (tmpin == indata) {
-        if (indata)
-            BIO_pop(p7bio);
+    while (p7bio != NULL && p7bio != indata) {
+        next = BIO_pop(p7bio);
+        BIO_free(p7bio);
+        p7bio = next;
     }
-    BIO_free_all(p7bio);
     sk_X509_free(signers);
     return ret;
 }
--