diff options
| author | Dr. Stephen Henson <steve@openssl.org> | 2003-09-30 12:05:44 +0000 |
|---|---|---|
| committer | Dr. Stephen Henson <steve@openssl.org> | 2003-09-30 12:05:44 +0000 |
| commit | 662ede2370e0fa1f571354fbba9ac7ee9caf6706 (patch) | |
| tree | ca724f841be80b56ef65ebde1bed4d3403164f00 | |
| parent | d0edf6e593a5eaab623bac991eb131b2e6c6f518 (diff) | |
Fix for ASN1 parsing bugs.
| -rw-r--r-- | CHANGES | 22 | ||||
| -rw-r--r-- | crypto/asn1/asn1_lib.c | 2 | ||||
| -rw-r--r-- | crypto/asn1/tasn_dec.c | 9 | ||||
| -rw-r--r-- | crypto/x509/x509_vfy.c | 2 |
4 files changed, 33 insertions, 2 deletions
@@ -4,6 +4,18 @@ Changes between 0.9.7b and 0.9.7c [xx XXX 2003] + *) Fix various bugs revealed by running the NISCC test suite: + + Stop out of bounds reads in the ASN1 code when presented with + invalid tags (CAN-2003-0543 and CAN-2003-0544). + + Free up ASN1_TYPE correctly if ANY type is invalid (CAN-2003-0545). + + If verify callback ignores invalid public key errors don't try to check + certificate signature with the NULL public key. + + [Steve Henson] + *) New -ignore_err option in ocsp application to stop the server exiting on the first error in a request. [Steve Henson] @@ -1982,6 +1994,16 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k Changes between 0.9.6j and 0.9.6k [xx XXX 2003] + *) Fix various bugs revealed by running the NISCC test suite: + + Stop out of bounds reads in the ASN1 code when presented with + invalid tags (CAN-2003-0543 and CAN-2003-0544). + + If verify callback ignores invalid public key errors don't try to check + certificate signature with the NULL public key. + + [Steve Henson] + *) In ssl3_accept() (ssl/s3_srvr.c) only accept a client certificate if the server requested one: as stated in TLS 1.0 and SSL 3.0 specifications. diff --git a/crypto/asn1/asn1_lib.c b/crypto/asn1/asn1_lib.c index 0638870ab7..e30d5dd303 100644 --- a/crypto/asn1/asn1_lib.c +++ b/crypto/asn1/asn1_lib.c @@ -104,10 +104,12 @@ int ASN1_get_object(unsigned char **pp, long *plength, int *ptag, int *pclass, l<<=7L; l|= *(p++)&0x7f; if (--max == 0) goto err; + if (l > (INT_MAX >> 7L)) goto err; } l<<=7L; l|= *(p++)&0x7f; tag=(int)l; + if (--max == 0) goto err; } else { diff --git a/crypto/asn1/tasn_dec.c b/crypto/asn1/tasn_dec.c index 76fc023230..2426cb6253 100644 --- a/crypto/asn1/tasn_dec.c +++ b/crypto/asn1/tasn_dec.c @@ -691,6 +691,7 @@ static int asn1_d2i_ex_primitive(ASN1_VALUE **pval, unsigned char **in, long inl int asn1_ex_c2i(ASN1_VALUE **pval, unsigned char *cont, int len, int utype, char *free_cont, const ASN1_ITEM *it) { + ASN1_VALUE **opval = NULL; ASN1_STRING *stmp; ASN1_TYPE *typ = NULL; int ret = 0; @@ -705,6 +706,7 @@ int asn1_ex_c2i(ASN1_VALUE **pval, unsigned char *cont, int len, int utype, char *pval = (ASN1_VALUE *)typ; } else typ = (ASN1_TYPE *)*pval; if(utype != typ->type) ASN1_TYPE_set(typ, utype, NULL); + opval = pval; pval = (ASN1_VALUE **)&typ->value.ptr; } switch(utype) { @@ -796,7 +798,12 @@ int asn1_ex_c2i(ASN1_VALUE **pval, unsigned char *cont, int len, int utype, char ret = 1; err: - if(!ret) ASN1_TYPE_free(typ); + if(!ret) + { + ASN1_TYPE_free(typ); + if (opval) + *opval = NULL; + } return ret; } diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c index f60054bd39..2bb21b443e 100644 --- a/crypto/x509/x509_vfy.c +++ b/crypto/x509/x509_vfy.c @@ -674,7 +674,7 @@ static int internal_verify(X509_STORE_CTX *ctx) ok=(*cb)(0,ctx); if (!ok) goto end; } - if (X509_verify(xs,pkey) <= 0) + else if (X509_verify(xs,pkey) <= 0) /* XXX For the final trusted self-signed cert, * this is a waste of time. That check should * optional so that e.g. 'openssl x509' can be |