From 323fff434ba47aecfe4fa3bdfd1fed9c8b8dfe1f Mon Sep 17 00:00:00 2001
From: Rahul Jain <rahul.jain@suse.com>
Date: Thu, 16 Apr 2026 21:54:32 +0530
Subject: [PATCH] Fix CVE-2026-35329: pkcs7 encrypted container processing

---
 src/libstrongswan/crypto/pkcs5.c                   |  55555+
 .../plugins/pkcs7/pkcs7_enveloped_data.c           | 14 +++++++++++---
 2 files changed, 16 insertions(+), 3 deletions(-)

diff --git a/src/libstrongswan/crypto/pkcs5.c b/src/libstrongswan/crypto/pkcs5.c
index e48a9ad..0e4b215 100644
--- a/src/libstrongswan/crypto/pkcs5.c
+++ b/src/libstrongswan/crypto/pkcs5.c
@@ -112,6 +112,10 @@ struct private_pkcs5_t {
 static bool verify_padding(crypter_t *crypter, chunk_t *blob)
 {
 	uint8_t padding, count;
+	if (!blob->len)
+	{
+		return FALSE;
+	}
 
 	padding = count = blob->ptr[blob->len - 1];
 
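Review bot: The new `if (!blob->len)` guard in verify_padding() carries no comment saying why an empty blob is rejected, and it sits directly under the declarations without a separating blank line. Without the guard, `blob->len - 1` wraps for a zero-length chunk and the index on the next line reads outside the buffer, so a short comment such as `/* an empty blob has no padding byte, blob->len - 1 would wrap */` would keep the check from being dropped in a later cleanup. The rest of the function lies outside the hunk, so whether `padding` is later bounded against `blob->len` cannot be confirmed from here. The diffstat lists only the two source files, so a regression test feeding an empty decrypted blob would be worth adding alongside the fix.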
diff --git a/src/libstrongswan/plugins/pkcs7/pkcs7_enveloped_data.c b/src/libstrongswan/plugins/pkcs7/pkcs7_enveloped_data.c
index 8b26bad..12d4955 100644
--- a/src/libstrongswan/plugins/pkcs7/pkcs7_enveloped_data.c
+++ b/src/libstrongswan/plugins/pkcs7/pkcs7_enveloped_data.c
@@ -182,9 +182,17 @@ static bool decrypt(private_key_t *private, chunk_t key, chunk_t iv, int oid,
  */
 static bool remove_padding(private_pkcs7_enveloped_data_t *this)
 {
-	u_char *pos = this->content.ptr + this->content.len - 1;
-	u_char pattern = *pos;
-	size_t padding = pattern;
+	 u_char *pos, pattern;
+	 size_t padding;
+
+ 	if (!this->content.len)
+ 	{
+     	     return FALSE;
+ 	}
+
+	pos = this->content.ptr + this->content.len - 1;
+	pattern = *pos;
+	padding = pattern;
 
 	if (padding > this->content.len)
 	{
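Review bot: The lines added to remove_padding() are indented inconsistently: the two declarations use a tab followed by a space, the `if (!this->content.len)` block uses a space followed by a tab, and its `return FALSE;` mixes spaces and a tab, while the surrounding context uses a single tab. Re-indent them with one tab per level, as in `	u_char *pos, pattern;` and `	if (!this->content.len)`, so that the guard reads as part of the function and later diffs stay clean. The guard itself is placed correctly before `this->content.ptr + this->content.len - 1` is formed and dereferenced. The function body continues past the end of the hunk, so how the padding bytes are verified after the `padding > this->content.len` check is not visible here.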
-- 
2.50.0

