If we get a valid but almost empty PKCS7 structure we otherwise try to access invalid fields. CVE: CVE-2023-6247 Reported-by: Bahaa Naamneh <bahaa.cpl@gmail.com> Signed-off-by: Arne Schwabe <arne@openvpn.net>