| author | miod <> | 2015-07-15 16:45:24 +0000 | 
|---|---|---|
| committer | miod <> | 2015-07-15 16:45:24 +0000 | 
| commit | b4b79ac55a858b9f4fb68520d70f59d7a78ef1c6 (patch) | |
| tree | 7cadd2f8dc53b5a5314943bf5d5c539b26c70410 | |
| parent | 7be2975fd485c5a4452099e9727e8b485fba3d2b (diff) | |
Do not allow TS_check_signer_name() with signer == NULL from
int_TS_RESP_verify_token(). Coverity CID 21710.
Looking further, int_TS_RESP_verify_token() will only initialize signer to
something non-NULL if TS_VFY_SIGNATURE is set in ctx->flags. But guess what?
TS_REQ_to_TS_VERIFY_CTX() in ts/ts_verify_ctx.c, which is the TS_VERIFY_CTX
constructor, explicitly clears this bit, with:
        ret->flags = TS_VFY_ALL_IMPRINT & ~(TS_VFY_TSA_NAME | TS_VFY_SIGNATURE);
followed by more conditional flag clears.
Of course, nothing prevents the user from fiddling with ctx->flags afterwards. This
is exactly what ts.c in usr.bin/openssl does. This is gross, mistakes will
happen.
ok beck@
Diffstat (limited to '')
| -rw-r--r-- | src/lib/libcrypto/ts/ts_rsp_verify.c | 5 | ||||
| -rw-r--r-- | src/lib/libssl/src/crypto/ts/ts_rsp_verify.c | 5 | 
2 files changed, 8 insertions, 2 deletions
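diff --git a/src/lib/libcrypto/ts/ts_rsp_verify.c b/src/lib/libcrypto/ts/ts_rsp_verify.c
index 25fc22dfaf..56397eeec3 100644
--- a/src/lib/libcrypto/ts/ts_rsp_verify.c
+++ b/src/lib/libcrypto/ts/ts_rsp_verify.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ts_rsp_verify.c,v 1.12 2014/07/11 08:44:49 jsing Exp $ */
+/* $OpenBSD: ts_rsp_verify.c,v 1.13 2015/07/15 16:45:24 miod Exp $ */
 /* Written by Zoltan Glozik (zglozik@stones.com) for the OpenSSL
 * project 2002.
 */
@@ -698,6 +698,9 @@ TS_check_signer_name(GENERAL_NAME *tsa_name, X509 *signer)
 int idx = -1;
 int found = 0;
 
+if (signer == NULL)
+return 0;
+
 /* Check the subject name first. */
 if (tsa_name->type == GEN_DIRNAME &&
 X509_name_cmp(tsa_name->d.dirn, signer->cert_info->subject) == 0)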
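Review bot: The new guard in TS_check_signer_name() covers only `signer`, while `tsa_name` is still dereferenced unchecked in the very next statement (`tsa_name->type`). By the commit message's own reasoning, a caller that sets TS_VFY_TSA_NAME in ctx->flags by hand could presumably leave the context's TSA name unset as well, although the caller is not visible here. Consider `if (tsa_name == NULL || signer == NULL) return 0;`, which keeps the name check failing closed for both inputs. A short comment such as `/* signer is only set when TS_VFY_SIGNATURE is in ctx->flags */` above the guard would record why NULL can reach this function. The function body continues outside the hunk, and the same point applies to the identical hunk in src/lib/libssl/src/crypto/ts/ts_rsp_verify.c.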
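diff --git a/src/lib/libssl/src/crypto/ts/ts_rsp_verify.c b/src/lib/libssl/src/crypto/ts/ts_rsp_verify.c
index 25fc22dfaf..56397eeec3 100644
--- a/src/lib/libssl/src/crypto/ts/ts_rsp_verify.c
+++ b/src/lib/libssl/src/crypto/ts/ts_rsp_verify.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ts_rsp_verify.c,v 1.12 2014/07/11 08:44:49 jsing Exp $ */
+/* $OpenBSD: ts_rsp_verify.c,v 1.13 2015/07/15 16:45:24 miod Exp $ */
 /* Written by Zoltan Glozik (zglozik@stones.com) for the OpenSSL
 * project 2002.
 */
@@ -698,6 +698,9 @@ TS_check_signer_name(GENERAL_NAME *tsa_name, X509 *signer)
 int idx = -1;
 int found = 0;
 
+if (signer == NULL)
+return 0;
+
 /* Check the subject name first. */
 if (tsa_name->type == GEN_DIRNAME &&
 X509_name_cmp(tsa_name->d.dirn, signer->cert_info->subject) == 0)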
