A mirror of https://github.com/libressl/openbsd.git https://git.lua4.win/openbsd/atom?h=libressl-v3.7.0 2022-12-08T11:33:58+00:00 2022-12-08T11:33:58+00:00 tb 2022-12-08T11:33:58+00:00 urn:sha1:77de0e5f3c23f4957bd4027e4ff78cce33dacf14 2022-12-07T23:08:47+00:00 schwarze 2022-12-07T23:08:47+00:00 urn:sha1:eab11350130a507ed42936e4a3c922f3930a163e and reports failure if a call would result in a cycle. The algorithm used was originally suggested by jsing@. Feedback and OK tb@. 2022-12-07T22:30:15+00:00 tb 2022-12-07T22:30:15+00:00 urn:sha1:54623fd72233c5a1c31b5dd154a6cd2e370a29fd The reader may not know what digest BIOs, Base64 BIOs and file BIOs are and the relevant function names are non-obvious, hence it's not entirely trivial to find the manuals where they are explained. With these references a reader should be able to turn the example into actual code. ok schwarze 2022-12-07T17:17:29+00:00 tb 2022-12-07T17:17:29+00:00 urn:sha1:a8bbe803657992fee2dffb62c013ea1e0b886b85 If you want to Base64-encode "Hello World\n" using a BIO, you had better pass "Hello World\n" into it, not something slightly different... While we're touching this, we might as well write it the way K&R did... 2022-12-06T22:22:42+00:00 tb 2022-12-06T22:22:42+00:00 urn:sha1:32fe386349a977647091ee39b6ae9311c9525d2c 2022-12-06T21:13:01+00:00 schwarze 2022-12-06T21:13:01+00:00 urn:sha1:bcbb0a6883f1cfe1369eaeec3a6295d9919b9305 Feedback and OK tb@. 2022-12-06T17:59:21+00:00 schwarze 2022-12-06T17:59:21+00:00 urn:sha1:3b64f394bc39450f6bc4bd64ecff7d97d8f0ddb7 and next_bio fields of all BIO objects in all affected chains, no matter what the arguments are. In particular, if the second argument (the one to be appended) is not at the beginning of its chain, properly detach the beginning of its chain before appending. We have weak indications that this bug might affect real-world code. For example, in FreeRDP, file libfreerdp/crypto/tls.c, function bio_rdp_tls_ctrl(), case BIO_C_SET_SSL, BIO_push(3) is definitely called with a second argument that is *not* at the beginning of its chain. Admittedly, that code is hard to fathom, but it does appear to result in a bogus prev_bio pointer without this patch. The practical impact of this bug in this and other software remains unknown; the consequences might possibly escalate up to use-after-free issues if BIO_pop(3) is afterwards called on corrupted BIO objects. OK tb@ 2022-12-06T16:10:55+00:00 schwarze 2022-12-06T16:10:55+00:00 urn:sha1:acd6804e79b3e295f377e2b130890a08aafc3c2f invariants of the prev_bio and next_bio fields of all BIO objects in all involved chains, no matter which arguments this function is called with. Both real-world uses of this function (in libssl and freerdp) have been audited to make sure this makes nothing worse. We believe libssl behaves correctly before and after the patch (mostly because the second argument is NULL there), and we believe the code in freerdp behaves incorrectly before and after the patch, leaving a prev_bio pointer in place that is becoming bogus, only in a different object before and after the patch. But after the patch, that bogus pointer is due to a separate bug in BIO_push(3), which we are planning to fix afterwards. Joint work with and OK tb@. 2022-12-06T02:12:05+00:00 jsg 2022-12-06T02:12:05+00:00 urn:sha1:51a89408b0f8300d3e9af7f905dbd8b7af00dff6 2022-12-02T22:58:56+00:00 tb 2022-12-02T22:58:56+00:00 urn:sha1:ed495f126a1e6e5dab84c2e136a4399bbaa74752 BIO_push() and BIO_pop() are misnamed. No need to gently and politely suggest that their 'names [...] are perhaps a little misleading'.