diff options
| author | Neil Horman <nhorman@openssl.org> | 2023-12-05 15:24:20 -0500 |
|---|---|---|
| committer | Neil Horman <nhorman@openssl.org> | 2023-12-13 11:10:36 -0500 |
| commit | a552c23c6502592c1b3c67d93dd7e5ffbe958aa4 (patch) | |
| tree | 717952fda933b4314ddbc14b9322f3ed61ae4044 /apps | |
| parent | 749fcc0e3ce796474a15d6fac221e57daeacff1e (diff) | |
Harden asn1 oid loader to invalid inputs
In the event that a config file contains this sequence:
=======
openssl_conf = openssl_init
config_diagnostics = 1
[openssl_init]
oid_section = oids
[oids]
testoid1 = 1.2.3.4.1
testoid2 = A Very Long OID Name, 1.2.3.4.2
testoid3 = ,1.2.3.4.3
======
The leading comma in testoid3 can cause a heap buffer overflow, as the
parsing code will move the string pointer back 1 character, thereby
pointing to an invalid memory space
correct the parser to detect this condition and handle it by treating it
as if the comma doesn't exist (i.e. an empty long oid name)
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22957)
Diffstat (limited to 'apps')
| -rw-r--r-- | apps/asn1parse.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/apps/asn1parse.c b/apps/asn1parse.c index 6597a6180b..bf62f85947 100644 --- a/apps/asn1parse.c +++ b/apps/asn1parse.c @@ -178,7 +178,7 @@ int asn1parse_main(int argc, char **argv) if ((buf = BUF_MEM_new()) == NULL) goto end; - if (genstr == NULL && informat == FORMAT_PEM) { + if (genconf == NULL && genstr == NULL && informat == FORMAT_PEM) { if (PEM_read_bio(in, &name, &header, &str, &num) != 1) { BIO_printf(bio_err, "Error reading PEM file\n"); ERR_print_errors(bio_err); |