summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authordjm <>2009-04-08 02:30:01 +0000
committerdjm <>2009-04-08 02:30:01 +0000
commit1f115dde203af79f3f8a29fbd82e02f1cc9afc5a (patch)
treefff58816643d8acfe58304e4224b745db0cefa10
parentf85e3c7bb6e0773f7fbbec2487aaa7bc08d544d6 (diff)
downloadopenbsd-OPENBSD_4_3.tar.gz
openbsd-OPENBSD_4_3.tar.bz2
openbsd-OPENBSD_4_3.zip
MFC: fixes for OpenSSL ASN.1 invalid memory accesses (CVE-2009-0590 andOPENBSD_4_3
CVE-2009-0789).
-rw-r--r--src/lib/libssl/src/crypto/asn1/asn1.h2
-rw-r--r--src/lib/libssl/src/crypto/asn1/asn1_err.c2
-rw-r--r--src/lib/libssl/src/crypto/asn1/tasn_dec.c14
3 files changed, 16 insertions, 2 deletions
diff --git a/src/lib/libssl/src/crypto/asn1/asn1.h b/src/lib/libssl/src/crypto/asn1/asn1.h
index 0184b475a7..44ee48bb31 100644
--- a/src/lib/libssl/src/crypto/asn1/asn1.h
+++ b/src/lib/libssl/src/crypto/asn1/asn1.h
@@ -1037,6 +1037,7 @@ void ERR_load_ASN1_strings(void);
1037#define ASN1_R_BAD_OBJECT_HEADER 102 1037#define ASN1_R_BAD_OBJECT_HEADER 102
1038#define ASN1_R_BAD_PASSWORD_READ 103 1038#define ASN1_R_BAD_PASSWORD_READ 103
1039#define ASN1_R_BAD_TAG 104 1039#define ASN1_R_BAD_TAG 104
1040#define ASN1_R_BMPSTRING_IS_WRONG_LENGTH 210
1040#define ASN1_R_BN_LIB 105 1041#define ASN1_R_BN_LIB 105
1041#define ASN1_R_BOOLEAN_IS_WRONG_LENGTH 106 1042#define ASN1_R_BOOLEAN_IS_WRONG_LENGTH 106
1042#define ASN1_R_BUFFER_TOO_SMALL 107 1043#define ASN1_R_BUFFER_TOO_SMALL 107
@@ -1096,6 +1097,7 @@ void ERR_load_ASN1_strings(void);
1096#define ASN1_R_UNABLE_TO_DECODE_RSA_KEY 157 1097#define ASN1_R_UNABLE_TO_DECODE_RSA_KEY 157
1097#define ASN1_R_UNABLE_TO_DECODE_RSA_PRIVATE_KEY 158 1098#define ASN1_R_UNABLE_TO_DECODE_RSA_PRIVATE_KEY 158
1098#define ASN1_R_UNEXPECTED_EOC 159 1099#define ASN1_R_UNEXPECTED_EOC 159
1100#define ASN1_R_UNIVERSALSTRING_IS_WRONG_LENGTH 211
1099#define ASN1_R_UNKNOWN_FORMAT 160 1101#define ASN1_R_UNKNOWN_FORMAT 160
1100#define ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM 161 1102#define ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM 161
1101#define ASN1_R_UNKNOWN_OBJECT_TYPE 162 1103#define ASN1_R_UNKNOWN_OBJECT_TYPE 162
diff --git a/src/lib/libssl/src/crypto/asn1/asn1_err.c b/src/lib/libssl/src/crypto/asn1/asn1_err.c
index 315d0a0807..cd23cbf825 100644
--- a/src/lib/libssl/src/crypto/asn1/asn1_err.c
+++ b/src/lib/libssl/src/crypto/asn1/asn1_err.c
@@ -164,6 +164,7 @@ static ERR_STRING_DATA ASN1_str_reasons[]=
164{ERR_REASON(ASN1_R_BAD_OBJECT_HEADER) ,"bad object header"}, 164{ERR_REASON(ASN1_R_BAD_OBJECT_HEADER) ,"bad object header"},
165{ERR_REASON(ASN1_R_BAD_PASSWORD_READ) ,"bad password read"}, 165{ERR_REASON(ASN1_R_BAD_PASSWORD_READ) ,"bad password read"},
166{ERR_REASON(ASN1_R_BAD_TAG) ,"bad tag"}, 166{ERR_REASON(ASN1_R_BAD_TAG) ,"bad tag"},
167{ERR_REASON(ASN1_R_BMPSTRING_IS_WRONG_LENGTH),"bmpstring is wrong length"},
167{ERR_REASON(ASN1_R_BN_LIB) ,"bn lib"}, 168{ERR_REASON(ASN1_R_BN_LIB) ,"bn lib"},
168{ERR_REASON(ASN1_R_BOOLEAN_IS_WRONG_LENGTH),"boolean is wrong length"}, 169{ERR_REASON(ASN1_R_BOOLEAN_IS_WRONG_LENGTH),"boolean is wrong length"},
169{ERR_REASON(ASN1_R_BUFFER_TOO_SMALL) ,"buffer too small"}, 170{ERR_REASON(ASN1_R_BUFFER_TOO_SMALL) ,"buffer too small"},
@@ -223,6 +224,7 @@ static ERR_STRING_DATA ASN1_str_reasons[]=
223{ERR_REASON(ASN1_R_UNABLE_TO_DECODE_RSA_KEY),"unable to decode rsa key"}, 224{ERR_REASON(ASN1_R_UNABLE_TO_DECODE_RSA_KEY),"unable to decode rsa key"},
224{ERR_REASON(ASN1_R_UNABLE_TO_DECODE_RSA_PRIVATE_KEY),"unable to decode rsa private key"}, 225{ERR_REASON(ASN1_R_UNABLE_TO_DECODE_RSA_PRIVATE_KEY),"unable to decode rsa private key"},
225{ERR_REASON(ASN1_R_UNEXPECTED_EOC) ,"unexpected eoc"}, 226{ERR_REASON(ASN1_R_UNEXPECTED_EOC) ,"unexpected eoc"},
227{ERR_REASON(ASN1_R_UNIVERSALSTRING_IS_WRONG_LENGTH),"universalstring is wrong length"},
226{ERR_REASON(ASN1_R_UNKNOWN_FORMAT) ,"unknown format"}, 228{ERR_REASON(ASN1_R_UNKNOWN_FORMAT) ,"unknown format"},
227{ERR_REASON(ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM),"unknown message digest algorithm"}, 229{ERR_REASON(ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM),"unknown message digest algorithm"},
228{ERR_REASON(ASN1_R_UNKNOWN_OBJECT_TYPE) ,"unknown object type"}, 230{ERR_REASON(ASN1_R_UNKNOWN_OBJECT_TYPE) ,"unknown object type"},
diff --git a/src/lib/libssl/src/crypto/asn1/tasn_dec.c b/src/lib/libssl/src/crypto/asn1/tasn_dec.c
index b7e916ef36..2ad0c29f94 100644
--- a/src/lib/libssl/src/crypto/asn1/tasn_dec.c
+++ b/src/lib/libssl/src/crypto/asn1/tasn_dec.c
@@ -474,7 +474,6 @@ static int asn1_template_ex_d2i(ASN1_VALUE **val, unsigned char **in, long inlen
474 474
475 err: 475 err:
476 ASN1_template_free(val, tt); 476 ASN1_template_free(val, tt);
477 *val = NULL;
478 return 0; 477 return 0;
479} 478}
480 479
@@ -574,7 +573,6 @@ static int asn1_template_noexp_d2i(ASN1_VALUE **val, unsigned char **in, long le
574 573
575 err: 574 err:
576 ASN1_template_free(val, tt); 575 ASN1_template_free(val, tt);
577 *val = NULL;
578 return 0; 576 return 0;
579} 577}
580 578
@@ -768,6 +766,18 @@ int asn1_ex_c2i(ASN1_VALUE **pval, unsigned char *cont, int len, int utype, char
768 case V_ASN1_SET: 766 case V_ASN1_SET:
769 case V_ASN1_SEQUENCE: 767 case V_ASN1_SEQUENCE:
770 default: 768 default:
769 if (utype == V_ASN1_BMPSTRING && (len & 1))
770 {
771 ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE,
772 ASN1_R_BMPSTRING_IS_WRONG_LENGTH);
773 goto err;
774 }
775 if (utype == V_ASN1_UNIVERSALSTRING && (len & 3))
776 {
777 ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE,
778 ASN1_R_UNIVERSALSTRING_IS_WRONG_LENGTH);
779 goto err;
780 }
771 /* All based on ASN1_STRING and handled the same */ 781 /* All based on ASN1_STRING and handled the same */
772 if(!*pval) { 782 if(!*pval) {
773 stmp = ASN1_STRING_type_new(utype); 783 stmp = ASN1_STRING_type_new(utype);