diff options
| author | Markus Friedl <markus@cvs.openbsd.org> | 2003-09-30 15:19:39 +0000 |
|---|---|---|
| committer | Markus Friedl <markus@cvs.openbsd.org> | 2003-09-30 15:19:39 +0000 |
| commit | 9dc04f238ee7a2fd151ee8259ff9369c92f2c762 (patch) | |
| tree | b3bb7a6307ed4e08bd8f9e78ae49019a8bf98f3b | |
| parent | 869409b925c787561a18cc98088135b4b93856d8 (diff) | |
security fix from http://www.openssl.org/news/secadv_20030930.txt
see also http://cvs.openssl.org/chngview?cn=11471
| -rw-r--r-- | lib/libssl/src/crypto/asn1/asn1_lib.c | 2 | ||||
| -rw-r--r-- | lib/libssl/src/crypto/asn1/tasn_dec.c | 9 | ||||
| -rw-r--r-- | lib/libssl/src/crypto/x509/x509_vfy.c | 2 |
3 files changed, 11 insertions, 2 deletions
diff --git a/lib/libssl/src/crypto/asn1/asn1_lib.c b/lib/libssl/src/crypto/asn1/asn1_lib.c index 60f36bb9582..aed28954006 100644 --- a/lib/libssl/src/crypto/asn1/asn1_lib.c +++ b/lib/libssl/src/crypto/asn1/asn1_lib.c @@ -104,10 +104,12 @@ int ASN1_get_object(unsigned char **pp, long *plength, int *ptag, int *pclass, l<<=7L; l|= *(p++)&0x7f; if (--max == 0) goto err; + if (l > (INT_MAX >> 7L)) goto err; } l<<=7L; l|= *(p++)&0x7f; tag=(int)l; + if (--max == 0) goto err; } else { diff --git a/lib/libssl/src/crypto/asn1/tasn_dec.c b/lib/libssl/src/crypto/asn1/tasn_dec.c index 76fc023230a..2426cb6253a 100644 --- a/lib/libssl/src/crypto/asn1/tasn_dec.c +++ b/lib/libssl/src/crypto/asn1/tasn_dec.c @@ -691,6 +691,7 @@ static int asn1_d2i_ex_primitive(ASN1_VALUE **pval, unsigned char **in, long inl int asn1_ex_c2i(ASN1_VALUE **pval, unsigned char *cont, int len, int utype, char *free_cont, const ASN1_ITEM *it) { + ASN1_VALUE **opval = NULL; ASN1_STRING *stmp; ASN1_TYPE *typ = NULL; int ret = 0; @@ -705,6 +706,7 @@ int asn1_ex_c2i(ASN1_VALUE **pval, unsigned char *cont, int len, int utype, char *pval = (ASN1_VALUE *)typ; } else typ = (ASN1_TYPE *)*pval; if(utype != typ->type) ASN1_TYPE_set(typ, utype, NULL); + opval = pval; pval = (ASN1_VALUE **)&typ->value.ptr; } switch(utype) { @@ -796,7 +798,12 @@ int asn1_ex_c2i(ASN1_VALUE **pval, unsigned char *cont, int len, int utype, char ret = 1; err: - if(!ret) ASN1_TYPE_free(typ); + if(!ret) + { + ASN1_TYPE_free(typ); + if (opval) + *opval = NULL; + } return ret; } diff --git a/lib/libssl/src/crypto/x509/x509_vfy.c b/lib/libssl/src/crypto/x509/x509_vfy.c index 552d1e72516..04997ba4565 100644 --- a/lib/libssl/src/crypto/x509/x509_vfy.c +++ b/lib/libssl/src/crypto/x509/x509_vfy.c @@ -674,7 +674,7 @@ static int internal_verify(X509_STORE_CTX *ctx) ok=(*cb)(0,ctx); if (!ok) goto end; } - if (X509_verify(xs,pkey) <= 0) + else if (X509_verify(xs,pkey) <= 0) /* XXX For the final trusted self-signed cert, * this is a waste of time. That check should * optional so that e.g. 'openssl x509' can be |