diff options
author | djm <> | 2009-04-08 02:30:30 +0000 |
---|---|---|
committer | djm <> | 2009-04-08 02:30:30 +0000 |
commit | a699cc827a7fd1a4d2c35a44a4ca8471e80a51d8 (patch) | |
tree | d0d578b3a353780ff6db3dd9849d141cf933c4c9 | |
parent | 2e87fd5a1b084020d0e569c7635e777f08585c4e (diff) | |
download | openbsd-a699cc827a7fd1a4d2c35a44a4ca8471e80a51d8.tar.gz openbsd-a699cc827a7fd1a4d2c35a44a4ca8471e80a51d8.tar.bz2 openbsd-a699cc827a7fd1a4d2c35a44a4ca8471e80a51d8.zip |
MFC: fixes for OpenSSL ASN.1 invalid memory accesses (CVE-2009-0590 and
CVE-2009-0789).
-rw-r--r-- | src/lib/libssl/src/crypto/asn1/asn1.h | 2 | ||||
-rw-r--r-- | src/lib/libssl/src/crypto/asn1/asn1_err.c | 2 | ||||
-rw-r--r-- | src/lib/libssl/src/crypto/asn1/tasn_dec.c | 14 |
3 files changed, 16 insertions, 2 deletions
diff --git a/src/lib/libssl/src/crypto/asn1/asn1.h b/src/lib/libssl/src/crypto/asn1/asn1.h index 424cd348bb..fb27b0452f 100644 --- a/src/lib/libssl/src/crypto/asn1/asn1.h +++ b/src/lib/libssl/src/crypto/asn1/asn1.h | |||
@@ -1217,6 +1217,7 @@ void ERR_load_ASN1_strings(void); | |||
1217 | #define ASN1_R_BAD_OBJECT_HEADER 102 | 1217 | #define ASN1_R_BAD_OBJECT_HEADER 102 |
1218 | #define ASN1_R_BAD_PASSWORD_READ 103 | 1218 | #define ASN1_R_BAD_PASSWORD_READ 103 |
1219 | #define ASN1_R_BAD_TAG 104 | 1219 | #define ASN1_R_BAD_TAG 104 |
1220 | #define ASN1_R_BMPSTRING_IS_WRONG_LENGTH 210 | ||
1220 | #define ASN1_R_BN_LIB 105 | 1221 | #define ASN1_R_BN_LIB 105 |
1221 | #define ASN1_R_BOOLEAN_IS_WRONG_LENGTH 106 | 1222 | #define ASN1_R_BOOLEAN_IS_WRONG_LENGTH 106 |
1222 | #define ASN1_R_BUFFER_TOO_SMALL 107 | 1223 | #define ASN1_R_BUFFER_TOO_SMALL 107 |
@@ -1306,6 +1307,7 @@ void ERR_load_ASN1_strings(void); | |||
1306 | #define ASN1_R_UNABLE_TO_DECODE_RSA_KEY 157 | 1307 | #define ASN1_R_UNABLE_TO_DECODE_RSA_KEY 157 |
1307 | #define ASN1_R_UNABLE_TO_DECODE_RSA_PRIVATE_KEY 158 | 1308 | #define ASN1_R_UNABLE_TO_DECODE_RSA_PRIVATE_KEY 158 |
1308 | #define ASN1_R_UNEXPECTED_EOC 159 | 1309 | #define ASN1_R_UNEXPECTED_EOC 159 |
1310 | #define ASN1_R_UNIVERSALSTRING_IS_WRONG_LENGTH 211 | ||
1309 | #define ASN1_R_UNKNOWN_FORMAT 160 | 1311 | #define ASN1_R_UNKNOWN_FORMAT 160 |
1310 | #define ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM 161 | 1312 | #define ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM 161 |
1311 | #define ASN1_R_UNKNOWN_OBJECT_TYPE 162 | 1313 | #define ASN1_R_UNKNOWN_OBJECT_TYPE 162 |
diff --git a/src/lib/libssl/src/crypto/asn1/asn1_err.c b/src/lib/libssl/src/crypto/asn1/asn1_err.c index f8a3e2e6cd..5f5de98eed 100644 --- a/src/lib/libssl/src/crypto/asn1/asn1_err.c +++ b/src/lib/libssl/src/crypto/asn1/asn1_err.c | |||
@@ -195,6 +195,7 @@ static ERR_STRING_DATA ASN1_str_reasons[]= | |||
195 | {ERR_REASON(ASN1_R_BAD_OBJECT_HEADER) ,"bad object header"}, | 195 | {ERR_REASON(ASN1_R_BAD_OBJECT_HEADER) ,"bad object header"}, |
196 | {ERR_REASON(ASN1_R_BAD_PASSWORD_READ) ,"bad password read"}, | 196 | {ERR_REASON(ASN1_R_BAD_PASSWORD_READ) ,"bad password read"}, |
197 | {ERR_REASON(ASN1_R_BAD_TAG) ,"bad tag"}, | 197 | {ERR_REASON(ASN1_R_BAD_TAG) ,"bad tag"}, |
198 | {ERR_REASON(ASN1_R_BMPSTRING_IS_WRONG_LENGTH),"bmpstring is wrong length"}, | ||
198 | {ERR_REASON(ASN1_R_BN_LIB) ,"bn lib"}, | 199 | {ERR_REASON(ASN1_R_BN_LIB) ,"bn lib"}, |
199 | {ERR_REASON(ASN1_R_BOOLEAN_IS_WRONG_LENGTH),"boolean is wrong length"}, | 200 | {ERR_REASON(ASN1_R_BOOLEAN_IS_WRONG_LENGTH),"boolean is wrong length"}, |
200 | {ERR_REASON(ASN1_R_BUFFER_TOO_SMALL) ,"buffer too small"}, | 201 | {ERR_REASON(ASN1_R_BUFFER_TOO_SMALL) ,"buffer too small"}, |
@@ -284,6 +285,7 @@ static ERR_STRING_DATA ASN1_str_reasons[]= | |||
284 | {ERR_REASON(ASN1_R_UNABLE_TO_DECODE_RSA_KEY),"unable to decode rsa key"}, | 285 | {ERR_REASON(ASN1_R_UNABLE_TO_DECODE_RSA_KEY),"unable to decode rsa key"}, |
285 | {ERR_REASON(ASN1_R_UNABLE_TO_DECODE_RSA_PRIVATE_KEY),"unable to decode rsa private key"}, | 286 | {ERR_REASON(ASN1_R_UNABLE_TO_DECODE_RSA_PRIVATE_KEY),"unable to decode rsa private key"}, |
286 | {ERR_REASON(ASN1_R_UNEXPECTED_EOC) ,"unexpected eoc"}, | 287 | {ERR_REASON(ASN1_R_UNEXPECTED_EOC) ,"unexpected eoc"}, |
288 | {ERR_REASON(ASN1_R_UNIVERSALSTRING_IS_WRONG_LENGTH),"universalstring is wrong length"}, | ||
287 | {ERR_REASON(ASN1_R_UNKNOWN_FORMAT) ,"unknown format"}, | 289 | {ERR_REASON(ASN1_R_UNKNOWN_FORMAT) ,"unknown format"}, |
288 | {ERR_REASON(ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM),"unknown message digest algorithm"}, | 290 | {ERR_REASON(ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM),"unknown message digest algorithm"}, |
289 | {ERR_REASON(ASN1_R_UNKNOWN_OBJECT_TYPE) ,"unknown object type"}, | 291 | {ERR_REASON(ASN1_R_UNKNOWN_OBJECT_TYPE) ,"unknown object type"}, |
diff --git a/src/lib/libssl/src/crypto/asn1/tasn_dec.c b/src/lib/libssl/src/crypto/asn1/tasn_dec.c index ced641698e..0a0569c74b 100644 --- a/src/lib/libssl/src/crypto/asn1/tasn_dec.c +++ b/src/lib/libssl/src/crypto/asn1/tasn_dec.c | |||
@@ -611,7 +611,6 @@ static int asn1_template_ex_d2i(ASN1_VALUE **val, | |||
611 | 611 | ||
612 | err: | 612 | err: |
613 | ASN1_template_free(val, tt); | 613 | ASN1_template_free(val, tt); |
614 | *val = NULL; | ||
615 | return 0; | 614 | return 0; |
616 | } | 615 | } |
617 | 616 | ||
@@ -758,7 +757,6 @@ static int asn1_template_noexp_d2i(ASN1_VALUE **val, | |||
758 | 757 | ||
759 | err: | 758 | err: |
760 | ASN1_template_free(val, tt); | 759 | ASN1_template_free(val, tt); |
761 | *val = NULL; | ||
762 | return 0; | 760 | return 0; |
763 | } | 761 | } |
764 | 762 | ||
@@ -1012,6 +1010,18 @@ int asn1_ex_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, | |||
1012 | case V_ASN1_SET: | 1010 | case V_ASN1_SET: |
1013 | case V_ASN1_SEQUENCE: | 1011 | case V_ASN1_SEQUENCE: |
1014 | default: | 1012 | default: |
1013 | if (utype == V_ASN1_BMPSTRING && (len & 1)) | ||
1014 | { | ||
1015 | ASN1err(ASN1_F_ASN1_EX_C2I, | ||
1016 | ASN1_R_BMPSTRING_IS_WRONG_LENGTH); | ||
1017 | goto err; | ||
1018 | } | ||
1019 | if (utype == V_ASN1_UNIVERSALSTRING && (len & 3)) | ||
1020 | { | ||
1021 | ASN1err(ASN1_F_ASN1_EX_C2I, | ||
1022 | ASN1_R_UNIVERSALSTRING_IS_WRONG_LENGTH); | ||
1023 | goto err; | ||
1024 | } | ||
1015 | /* All based on ASN1_STRING and handled the same */ | 1025 | /* All based on ASN1_STRING and handled the same */ |
1016 | if (!*pval) | 1026 | if (!*pval) |
1017 | { | 1027 | { |