diff options
| author | Ted Unangst <tedu@cvs.openbsd.org> | 2015-03-19 14:00:23 +0000 |
|---|---|---|
| committer | Ted Unangst <tedu@cvs.openbsd.org> | 2015-03-19 14:00:23 +0000 |
| commit | 836b495106f594955b58752d134d1fdfdc8973b1 (patch) | |
| tree | 7822387262a7d3bef9e0cd5e3fe209b4f0b5c5c6 /lib/libcrypto/ec | |
| parent | 5ee002f51cf23a40109eb29a0600077fe8edc54b (diff) | |
Fix several crash causing defects from OpenSSL.
These include:
CVE-2015-0209 - Use After Free following d2i_ECPrivatekey error
CVE-2015-0286 - Segmentation fault in ASN1_TYPE_cmp
CVE-2015-0287 - ASN.1 structure reuse memory corruption
CVE-2015-0289 - PKCS7 NULL pointer dereferences
Several other issues did not apply or were already fixed.
Refer to https://www.openssl.org/news/secadv_20150319.txt
joint work with beck, doug, guenther, jsing, miod
Diffstat (limited to 'lib/libcrypto/ec')
| -rw-r--r-- | lib/libcrypto/ec/ec_asn1.c | 41 |
1 files changed, 20 insertions, 21 deletions
diff --git a/lib/libcrypto/ec/ec_asn1.c b/lib/libcrypto/ec/ec_asn1.c index c0ef6f40e41..f01008ec438 100644 --- a/lib/libcrypto/ec/ec_asn1.c +++ b/lib/libcrypto/ec/ec_asn1.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ec_asn1.c,v 1.12 2015/02/10 05:43:09 jsing Exp $ */ +/* $OpenBSD: ec_asn1.c,v 1.13 2015/03/19 14:00:22 tedu Exp $ */ /* * Written by Nils Larsch for the OpenSSL project. */ @@ -999,19 +999,19 @@ d2i_ECPKParameters(EC_GROUP ** a, const unsigned char **in, long len) if ((params = d2i_ECPKPARAMETERS(NULL, in, len)) == NULL) { ECerr(EC_F_D2I_ECPKPARAMETERS, EC_R_D2I_ECPKPARAMETERS_FAILURE); - ECPKPARAMETERS_free(params); - return NULL; + goto err; } if ((group = ec_asn1_pkparameters2group(params)) == NULL) { ECerr(EC_F_D2I_ECPKPARAMETERS, EC_R_PKPARAMETERS2GROUP_FAILURE); - ECPKPARAMETERS_free(params); - return NULL; + goto err; } - if (a && *a) + + if (a != NULL) { EC_GROUP_clear_free(*a); - if (a) *a = group; + } +err: ECPKPARAMETERS_free(params); return (group); } @@ -1039,7 +1039,6 @@ i2d_ECPKParameters(const EC_GROUP * a, unsigned char **out) EC_KEY * d2i_ECPrivateKey(EC_KEY ** a, const unsigned char **in, long len) { - int ok = 0; EC_KEY *ret = NULL; EC_PRIVATEKEY *priv_key = NULL; @@ -1054,12 +1053,9 @@ d2i_ECPrivateKey(EC_KEY ** a, const unsigned char **in, long len) } if (a == NULL || *a == NULL) { if ((ret = EC_KEY_new()) == NULL) { - ECerr(EC_F_D2I_ECPRIVATEKEY, - ERR_R_MALLOC_FAILURE); + ECerr(EC_F_D2I_ECPRIVATEKEY, ERR_R_MALLOC_FAILURE); goto err; } - if (a) - *a = ret; } else ret = *a; @@ -1109,17 +1105,19 @@ d2i_ECPrivateKey(EC_KEY ** a, const unsigned char **in, long len) goto err; } } - ok = 1; + + EC_PRIVATEKEY_free(priv_key); + if (a != NULL) + *a = ret; + return (ret); + err: - if (!ok) { - if (ret) - EC_KEY_free(ret); - ret = NULL; - } + if (a == NULL || *a != ret) + EC_KEY_free(ret); if (priv_key) EC_PRIVATEKEY_free(priv_key); - return (ret); + return (NULL); } int @@ -1232,8 +1230,6 @@ d2i_ECParameters(EC_KEY ** a, const unsigned char **in, long len) ECerr(EC_F_D2I_ECPARAMETERS, ERR_R_MALLOC_FAILURE); return NULL; } - if (a) - *a = ret; } else ret = *a; @@ -1241,6 +1237,9 @@ d2i_ECParameters(EC_KEY ** a, const unsigned char **in, long len) ECerr(EC_F_D2I_ECPARAMETERS, ERR_R_EC_LIB); return NULL; } + + if (a != NULL) + *a = ret; return ret; } |