summaryrefslogtreecommitdiff
path: root/lib
diff options
context:
space:
mode:
Diffstat (limited to 'lib')
-rw-r--r--lib/libcrypto/asn1/asn1_lib.c10
-rw-r--r--lib/libcrypto/conf/conf_def.c3
-rw-r--r--lib/libcrypto/cryptlib.h3
-rw-r--r--lib/libcrypto/objects/obj_dat.c2
-rw-r--r--lib/libssl/s3_clnt.c9
-rw-r--r--lib/libssl/s3_srvr.c1
-rw-r--r--lib/libssl/ssl.h2
-rw-r--r--lib/libssl/ssl_asn1.c1
-rw-r--r--lib/libssl/ssl_err.c4
-rw-r--r--lib/libssl/ssl_lib.c7
-rw-r--r--lib/libssl/ssl_locl.h3
-rw-r--r--lib/libssl/ssl_sess.c1
12 files changed, 39 insertions, 7 deletions
diff --git a/lib/libcrypto/asn1/asn1_lib.c b/lib/libcrypto/asn1/asn1_lib.c
index 830ff2af3ce..fd8e77044ee 100644
--- a/lib/libcrypto/asn1/asn1_lib.c
+++ b/lib/libcrypto/asn1/asn1_lib.c
@@ -123,15 +123,13 @@ int ASN1_get_object(unsigned char **pp, long *plength, int *ptag, int *pclass,
(int)(omax+ *pp));
#endif
-#if 0
- if ((p+ *plength) > (omax+ *pp))
+ if (*plength > (omax - (*pp - p)))
{
ASN1err(ASN1_F_ASN1_GET_OBJECT,ASN1_R_TOO_LONG);
/* Set this so that even if things are not long enough
* the values are set correctly */
ret|=0x80;
}
-#endif
*pp=p;
return(ret|inf);
err:
@@ -158,6 +156,8 @@ static int asn1_get_length(unsigned char **pp, int *inf, long *rl, int max)
i= *p&0x7f;
if (*(p++) & 0x80)
{
+ if (i > sizeof(long))
+ return 0;
if (max-- == 0) return(0);
while (i-- > 0)
{
@@ -169,6 +169,8 @@ static int asn1_get_length(unsigned char **pp, int *inf, long *rl, int max)
else
ret=i;
}
+ if (ret < 0)
+ return 0;
*pp=p;
*rl=ret;
return(1);
@@ -406,7 +408,7 @@ int ASN1_STRING_cmp(ASN1_STRING *a, ASN1_STRING *b)
void asn1_add_error(unsigned char *address, int offset)
{
- char buf1[16],buf2[16];
+ char buf1[DECIMAL_SIZE(address)+1],buf2[DECIMAL_SIZE(offset)+1];
sprintf(buf1,"%lu",(unsigned long)address);
sprintf(buf2,"%d",offset);
diff --git a/lib/libcrypto/conf/conf_def.c b/lib/libcrypto/conf/conf_def.c
index 31f2766246a..5e194de60e9 100644
--- a/lib/libcrypto/conf/conf_def.c
+++ b/lib/libcrypto/conf/conf_def.c
@@ -67,6 +67,7 @@
#include "conf_def.h"
#include <openssl/buffer.h>
#include <openssl/err.h>
+#include "cryptlib.h"
static char *eat_ws(CONF *conf, char *p);
static char *eat_alpha_numeric(CONF *conf, char *p);
@@ -208,12 +209,12 @@ static int def_load(CONF *conf, const char *name, long *line)
static int def_load_bio(CONF *conf, BIO *in, long *line)
{
#define BUFSIZE 512
- char btmp[16];
int bufnum=0,i,ii;
BUF_MEM *buff=NULL;
char *s,*p,*end;
int again,n;
long eline=0;
+ char btmp[DECIMAL_SIZE(eline)+1];
CONF_VALUE *v=NULL,*tv;
CONF_VALUE *sv=NULL;
char *section=NULL,*buf;
diff --git a/lib/libcrypto/cryptlib.h b/lib/libcrypto/cryptlib.h
index a0489e57fc9..37ce7721fb0 100644
--- a/lib/libcrypto/cryptlib.h
+++ b/lib/libcrypto/cryptlib.h
@@ -89,6 +89,9 @@ extern "C" {
#define X509_CERT_DIR_EVP "SSL_CERT_DIR"
#define X509_CERT_FILE_EVP "SSL_CERT_FILE"
+/* size of string represenations */
+#define DECIMAL_SIZE(type) ((sizeof(type)*8+2)/3+1)
+
#ifdef __cplusplus
}
#endif
diff --git a/lib/libcrypto/objects/obj_dat.c b/lib/libcrypto/objects/obj_dat.c
index 3ff64bb8d13..02c3719f04e 100644
--- a/lib/libcrypto/objects/obj_dat.c
+++ b/lib/libcrypto/objects/obj_dat.c
@@ -436,7 +436,7 @@ int OBJ_obj2txt(char *buf, int buf_len, const ASN1_OBJECT *a, int no_name)
unsigned long l;
unsigned char *p;
const char *s;
- char tbuf[32];
+ char tbuf[DECIMAL_SIZE(i)+DECIMAL_SIZE(l)+2];
if (buf_len <= 0) return(0);
diff --git a/lib/libssl/s3_clnt.c b/lib/libssl/s3_clnt.c
index e5853ede95b..b6be7489326 100644
--- a/lib/libssl/s3_clnt.c
+++ b/lib/libssl/s3_clnt.c
@@ -545,6 +545,7 @@ static int ssl3_client_hello(SSL *s)
*(p++)=i;
if (i != 0)
{
+ die(i <= sizeof s->session->session_id);
memcpy(p,s->session->session_id,i);
p+=i;
}
@@ -626,6 +627,14 @@ static int ssl3_get_server_hello(SSL *s)
/* get the session-id */
j= *(p++);
+ if(j > sizeof s->session->session_id)
+ {
+ al=SSL_AD_ILLEGAL_PARAMETER;
+ SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,
+ SSL_R_SSL3_SESSION_ID_TOO_LONG);
+ goto f_err;
+ }
+
if ((j != 0) && (j != SSL3_SESSION_ID_SIZE))
{
/* SSLref returns 16 :-( */
diff --git a/lib/libssl/s3_srvr.c b/lib/libssl/s3_srvr.c
index 99b6a869838..3748cd7c243 100644
--- a/lib/libssl/s3_srvr.c
+++ b/lib/libssl/s3_srvr.c
@@ -964,6 +964,7 @@ static int ssl3_send_server_hello(SSL *s)
s->session->session_id_length=0;
sl=s->session->session_id_length;
+ die(sl <= sizeof s->session->session_id);
*(p++)=sl;
memcpy(p,s->session->session_id,sl);
p+=sl;
diff --git a/lib/libssl/ssl.h b/lib/libssl/ssl.h
index 833f7616907..ce6354b2ff1 100644
--- a/lib/libssl/ssl.h
+++ b/lib/libssl/ssl.h
@@ -1637,6 +1637,7 @@ void ERR_load_SSL_strings(void);
#define SSL_R_INVALID_COMMAND 280
#define SSL_R_INVALID_PURPOSE 278
#define SSL_R_INVALID_TRUST 279
+#define SSL_R_KEY_ARG_TOO_LONG 1112
#define SSL_R_KRB5 1104
#define SSL_R_KRB5_C_CC_PRINC 1094
#define SSL_R_KRB5_C_GET_CRED 1095
@@ -1716,6 +1717,7 @@ void ERR_load_SSL_strings(void);
#define SSL_R_SHORT_READ 219
#define SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE 220
#define SSL_R_SSL23_DOING_SESSION_ID_REUSE 221
+#define SSL_R_SSL3_SESSION_ID_TOO_LONG 1113
#define SSL_R_SSL3_SESSION_ID_TOO_SHORT 222
#define SSL_R_SSLV3_ALERT_BAD_CERTIFICATE 1042
#define SSL_R_SSLV3_ALERT_BAD_RECORD_MAC 1020
diff --git a/lib/libssl/ssl_asn1.c b/lib/libssl/ssl_asn1.c
index c5eeeb6bc59..39ffa46ceec 100644
--- a/lib/libssl/ssl_asn1.c
+++ b/lib/libssl/ssl_asn1.c
@@ -296,6 +296,7 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, unsigned char **pp,
os.length=i;
ret->session_id_length=os.length;
+ die(os.length <= sizeof ret->session_id);
memcpy(ret->session_id,os.data,os.length);
M_ASN1_D2I_get(osp,d2i_ASN1_OCTET_STRING);
diff --git a/lib/libssl/ssl_err.c b/lib/libssl/ssl_err.c
index c32c4ef6e97..0cad32c855d 100644
--- a/lib/libssl/ssl_err.c
+++ b/lib/libssl/ssl_err.c
@@ -1,6 +1,6 @@
/* ssl/ssl_err.c */
/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 1999-2002 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -275,6 +275,7 @@ static ERR_STRING_DATA SSL_str_reasons[]=
{SSL_R_INVALID_COMMAND ,"invalid command"},
{SSL_R_INVALID_PURPOSE ,"invalid purpose"},
{SSL_R_INVALID_TRUST ,"invalid trust"},
+{SSL_R_KEY_ARG_TOO_LONG ,"key arg too long"},
{SSL_R_KRB5 ,"krb5"},
{SSL_R_KRB5_C_CC_PRINC ,"krb5 client cc principal (no tkt?)"},
{SSL_R_KRB5_C_GET_CRED ,"krb5 client get cred"},
@@ -354,6 +355,7 @@ static ERR_STRING_DATA SSL_str_reasons[]=
{SSL_R_SHORT_READ ,"short read"},
{SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE,"signature for non signing certificate"},
{SSL_R_SSL23_DOING_SESSION_ID_REUSE ,"ssl23 doing session id reuse"},
+{SSL_R_SSL3_SESSION_ID_TOO_LONG ,"ssl3 session id too long"},
{SSL_R_SSL3_SESSION_ID_TOO_SHORT ,"ssl3 session id too short"},
{SSL_R_SSLV3_ALERT_BAD_CERTIFICATE ,"sslv3 alert bad certificate"},
{SSL_R_SSLV3_ALERT_BAD_RECORD_MAC ,"sslv3 alert bad record mac"},
diff --git a/lib/libssl/ssl_lib.c b/lib/libssl/ssl_lib.c
index df307a80c58..e516382b6c6 100644
--- a/lib/libssl/ssl_lib.c
+++ b/lib/libssl/ssl_lib.c
@@ -2289,3 +2289,10 @@ void SSL_set_msg_callback(SSL *ssl, void (*cb)(int write_p, int version, int con
IMPLEMENT_STACK_OF(SSL_CIPHER)
IMPLEMENT_STACK_OF(SSL_COMP)
+
+void OpenSSLDie(const char *file,int line,const char *assertion)
+ {
+ fprintf(stderr,"%s(%d): OpenSSL internal error, assertion failed: %s\n",
+ file,line,assertion);
+ abort();
+ }
diff --git a/lib/libssl/ssl_locl.h b/lib/libssl/ssl_locl.h
index 5208c4c42a1..0029edc3a6c 100644
--- a/lib/libssl/ssl_locl.h
+++ b/lib/libssl/ssl_locl.h
@@ -615,5 +615,8 @@ int ssl_ok(SSL *s);
SSL_COMP *ssl3_comp_find(STACK_OF(SSL_COMP) *sk, int n);
STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void);
+/* die if we have to */
+void OpenSSLDie(const char *file,int line,const char *assertion);
+#define die(e) ((e) ? (void)0 : OpenSSLDie(__FILE__, __LINE__, #e))
#endif
diff --git a/lib/libssl/ssl_sess.c b/lib/libssl/ssl_sess.c
index 6424f775e21..a0c3100b29f 100644
--- a/lib/libssl/ssl_sess.c
+++ b/lib/libssl/ssl_sess.c
@@ -250,6 +250,7 @@ int ssl_get_new_session(SSL *s, int session)
ss->session_id_length=0;
}
+ die(s->sid_ctx_length <= sizeof ss->sid_ctx);
memcpy(ss->sid_ctx,s->sid_ctx,s->sid_ctx_length);
ss->sid_ctx_length=s->sid_ctx_length;
s->session=ss;
generated by cgit v1.2.3 (git 2.25.1) at 2024-12-27 06:04:58 +0000