diff options
author | Viktor Dukhovni <openssl-users@dukhovni.org> | 2014-06-22 20:18:53 -0400 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2014-06-25 18:21:35 +0100 |
commit | 3d15d58e55b97207188e87708a0e7f49b4bfd7fd (patch) | |
tree | 8802f0b17fe30235ebc9c20ae21770a7702267af /crypto/x509v3 | |
parent | d93edc0aab98377f42dd19312248597a018a7889 (diff) |
More complete input validation of X509_check_mumble
(cherry picked from commit 29edebe95c2a51470c78c7e769c926719965eeb1)
Diffstat (limited to 'crypto/x509v3')
-rw-r--r-- | crypto/x509v3/v3_utl.c | 32 |
1 files changed, 29 insertions, 3 deletions
diff --git a/crypto/x509v3/v3_utl.c b/crypto/x509v3/v3_utl.c index 5401d90e10..ea260f3c95 100644 --- a/crypto/x509v3/v3_utl.c +++ b/crypto/x509v3/v3_utl.c @@ -972,22 +972,46 @@ static int do_x509_check(X509 *x, const unsigned char *chk, size_t chklen, int X509_check_host(X509 *x, const unsigned char *chk, size_t chklen, unsigned int flags) { + if (chk == NULL) + return -2; + /* + * Embedded NULs are disallowed, except as the last character of a + * string of length 2 or more (tolerate caller including terminating + * NUL in string length). + */ if (chklen == 0) - chklen = chk ? strlen((char *)chk) : 0; - else if (chk && memchr(chk, '\0', chklen)) - return 0; + chklen = strlen((char *)chk); + else if (memchr(chk, '\0', chklen > 1 ? chklen-1 : chklen)) + return -2; + if (chklen > 1 && chk[chklen-1] == '\0') + --chklen; return do_x509_check(x, chk, chklen, flags, GEN_DNS); } int X509_check_email(X509 *x, const unsigned char *chk, size_t chklen, unsigned int flags) { + if (chk == NULL) + return -2; + /* + * Embedded NULs are disallowed, except as the last character of a + * string of length 2 or more (tolerate caller including terminating + * NUL in string length). + */ + if (chklen == 0) + chklen = strlen((char *)chk); + else if (memchr(chk, '\0', chklen > 1 ? chklen-1 : chklen)) + return -2; + if (chklen > 1 && chk[chklen-1] == '\0') + --chklen; return do_x509_check(x, chk, chklen, flags, GEN_EMAIL); } int X509_check_ip(X509 *x, const unsigned char *chk, size_t chklen, unsigned int flags) { + if (chk == NULL) + return -2; return do_x509_check(x, chk, chklen, flags, GEN_IPADD); } @@ -995,6 +1019,8 @@ int X509_check_ip_asc(X509 *x, const char *ipasc, unsigned int flags) { unsigned char ipout[16]; int iplen; + if (ipasc == NULL) + return -2; iplen = a2i_ipadd(ipout, ipasc); if (iplen == 0) return -2; |