diff options
| author | Pauli <ppzgs1@gmail.com> | 2021-04-04 13:52:06 +1000 |
|---|---|---|
| committer | Pauli <pauli@openssl.org> | 2021-04-07 18:06:06 +1000 |
| commit | 080669804799b2fef788029555ac7b26f3e67881 (patch) | |
| tree | 2019e0f3a49597759002c4dbe72392269fec5de8 /crypto/asn1 | |
| parent | 493e78986f9677c2b321273da51c276b9a8182d8 (diff) | |
Check for integer overflow in i2a_ASN1_OBJECT and error out if found.
Problem reported by Scott McPeak <scott.g.mcpeak@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14768)
Diffstat (limited to 'crypto/asn1')
| -rw-r--r-- | crypto/asn1/a_object.c | 12 | ||||
| -rw-r--r-- | crypto/asn1/asn1_err.c | 3 |
2 files changed, 11 insertions, 4 deletions
diff --git a/crypto/asn1/a_object.c b/crypto/asn1/a_object.c index 6967ab44e8..9d8f48b73c 100644 --- a/crypto/asn1/a_object.c +++ b/crypto/asn1/a_object.c @@ -190,6 +190,10 @@ int i2a_ASN1_OBJECT(BIO *bp, const ASN1_OBJECT *a) return BIO_write(bp, "NULL", 4); i = i2t_ASN1_OBJECT(buf, sizeof(buf), a); if (i > (int)(sizeof(buf) - 1)) { + if (i > INT_MAX - 1) { /* catch an integer overflow */ + ERR_raise(ERR_LIB_ASN1, ASN1_R_LENGTH_TOO_LONG); + return -1; + } if ((p = OPENSSL_malloc(i + 1)) == NULL) { ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE); return -1; @@ -349,9 +353,11 @@ void ASN1_OBJECT_free(ASN1_OBJECT *a) if (a == NULL) return; if (a->flags & ASN1_OBJECT_FLAG_DYNAMIC_STRINGS) { -#ifndef CONST_STRICT /* disable purely for compile-time strict - * const checking. Doing this on a "real" - * compile will cause memory leaks */ +#ifndef CONST_STRICT + /* + * Disable purely for compile-time strict const checking. Doing this + * on a "real" compile will cause memory leaks + */ OPENSSL_free((void*)a->sn); OPENSSL_free((void*)a->ln); #endif diff --git a/crypto/asn1/asn1_err.c b/crypto/asn1/asn1_err.c index 8957519cb2..af706e638e 100644 --- a/crypto/asn1/asn1_err.c +++ b/crypto/asn1/asn1_err.c @@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -109,6 +109,7 @@ static const ERR_STRING_DATA ASN1_str_reasons[] = { {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_INVALID_UTF8STRING), "invalid utf8string"}, {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_INVALID_VALUE), "invalid value"}, + {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_LENGTH_TOO_LONG), "length too long"}, {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_LIST_ERROR), "list error"}, {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_MIME_NO_CONTENT_TYPE), "mime no content type"}, |