summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authordjm <>2009-04-08 02:30:30 +0000
committerdjm <>2009-04-08 02:30:30 +0000
commita699cc827a7fd1a4d2c35a44a4ca8471e80a51d8 (patch)
treed0d578b3a353780ff6db3dd9849d141cf933c4c9
parent2e87fd5a1b084020d0e569c7635e777f08585c4e (diff)
downloadopenbsd-a699cc827a7fd1a4d2c35a44a4ca8471e80a51d8.tar.gz
openbsd-a699cc827a7fd1a4d2c35a44a4ca8471e80a51d8.tar.bz2
openbsd-a699cc827a7fd1a4d2c35a44a4ca8471e80a51d8.zip
MFC: fixes for OpenSSL ASN.1 invalid memory accesses (CVE-2009-0590 and
CVE-2009-0789).
-rw-r--r--src/lib/libssl/src/crypto/asn1/asn1.h2
-rw-r--r--src/lib/libssl/src/crypto/asn1/asn1_err.c2
-rw-r--r--src/lib/libssl/src/crypto/asn1/tasn_dec.c14
3 files changed, 16 insertions, 2 deletions
diff --git a/src/lib/libssl/src/crypto/asn1/asn1.h b/src/lib/libssl/src/crypto/asn1/asn1.h
index 424cd348bb..fb27b0452f 100644
--- a/src/lib/libssl/src/crypto/asn1/asn1.h
+++ b/src/lib/libssl/src/crypto/asn1/asn1.h
@@ -1217,6 +1217,7 @@ void ERR_load_ASN1_strings(void);
1217#define ASN1_R_BAD_OBJECT_HEADER 102 1217#define ASN1_R_BAD_OBJECT_HEADER 102
1218#define ASN1_R_BAD_PASSWORD_READ 103 1218#define ASN1_R_BAD_PASSWORD_READ 103
1219#define ASN1_R_BAD_TAG 104 1219#define ASN1_R_BAD_TAG 104
1220#define ASN1_R_BMPSTRING_IS_WRONG_LENGTH 210
1220#define ASN1_R_BN_LIB 105 1221#define ASN1_R_BN_LIB 105
1221#define ASN1_R_BOOLEAN_IS_WRONG_LENGTH 106 1222#define ASN1_R_BOOLEAN_IS_WRONG_LENGTH 106
1222#define ASN1_R_BUFFER_TOO_SMALL 107 1223#define ASN1_R_BUFFER_TOO_SMALL 107
@@ -1306,6 +1307,7 @@ void ERR_load_ASN1_strings(void);
1306#define ASN1_R_UNABLE_TO_DECODE_RSA_KEY 157 1307#define ASN1_R_UNABLE_TO_DECODE_RSA_KEY 157
1307#define ASN1_R_UNABLE_TO_DECODE_RSA_PRIVATE_KEY 158 1308#define ASN1_R_UNABLE_TO_DECODE_RSA_PRIVATE_KEY 158
1308#define ASN1_R_UNEXPECTED_EOC 159 1309#define ASN1_R_UNEXPECTED_EOC 159
1310#define ASN1_R_UNIVERSALSTRING_IS_WRONG_LENGTH 211
1309#define ASN1_R_UNKNOWN_FORMAT 160 1311#define ASN1_R_UNKNOWN_FORMAT 160
1310#define ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM 161 1312#define ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM 161
1311#define ASN1_R_UNKNOWN_OBJECT_TYPE 162 1313#define ASN1_R_UNKNOWN_OBJECT_TYPE 162
diff --git a/src/lib/libssl/src/crypto/asn1/asn1_err.c b/src/lib/libssl/src/crypto/asn1/asn1_err.c
index f8a3e2e6cd..5f5de98eed 100644
--- a/src/lib/libssl/src/crypto/asn1/asn1_err.c
+++ b/src/lib/libssl/src/crypto/asn1/asn1_err.c
@@ -195,6 +195,7 @@ static ERR_STRING_DATA ASN1_str_reasons[]=
195{ERR_REASON(ASN1_R_BAD_OBJECT_HEADER) ,"bad object header"}, 195{ERR_REASON(ASN1_R_BAD_OBJECT_HEADER) ,"bad object header"},
196{ERR_REASON(ASN1_R_BAD_PASSWORD_READ) ,"bad password read"}, 196{ERR_REASON(ASN1_R_BAD_PASSWORD_READ) ,"bad password read"},
197{ERR_REASON(ASN1_R_BAD_TAG) ,"bad tag"}, 197{ERR_REASON(ASN1_R_BAD_TAG) ,"bad tag"},
198{ERR_REASON(ASN1_R_BMPSTRING_IS_WRONG_LENGTH),"bmpstring is wrong length"},
198{ERR_REASON(ASN1_R_BN_LIB) ,"bn lib"}, 199{ERR_REASON(ASN1_R_BN_LIB) ,"bn lib"},
199{ERR_REASON(ASN1_R_BOOLEAN_IS_WRONG_LENGTH),"boolean is wrong length"}, 200{ERR_REASON(ASN1_R_BOOLEAN_IS_WRONG_LENGTH),"boolean is wrong length"},
200{ERR_REASON(ASN1_R_BUFFER_TOO_SMALL) ,"buffer too small"}, 201{ERR_REASON(ASN1_R_BUFFER_TOO_SMALL) ,"buffer too small"},
@@ -284,6 +285,7 @@ static ERR_STRING_DATA ASN1_str_reasons[]=
284{ERR_REASON(ASN1_R_UNABLE_TO_DECODE_RSA_KEY),"unable to decode rsa key"}, 285{ERR_REASON(ASN1_R_UNABLE_TO_DECODE_RSA_KEY),"unable to decode rsa key"},
285{ERR_REASON(ASN1_R_UNABLE_TO_DECODE_RSA_PRIVATE_KEY),"unable to decode rsa private key"}, 286{ERR_REASON(ASN1_R_UNABLE_TO_DECODE_RSA_PRIVATE_KEY),"unable to decode rsa private key"},
286{ERR_REASON(ASN1_R_UNEXPECTED_EOC) ,"unexpected eoc"}, 287{ERR_REASON(ASN1_R_UNEXPECTED_EOC) ,"unexpected eoc"},
288{ERR_REASON(ASN1_R_UNIVERSALSTRING_IS_WRONG_LENGTH),"universalstring is wrong length"},
287{ERR_REASON(ASN1_R_UNKNOWN_FORMAT) ,"unknown format"}, 289{ERR_REASON(ASN1_R_UNKNOWN_FORMAT) ,"unknown format"},
288{ERR_REASON(ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM),"unknown message digest algorithm"}, 290{ERR_REASON(ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM),"unknown message digest algorithm"},
289{ERR_REASON(ASN1_R_UNKNOWN_OBJECT_TYPE) ,"unknown object type"}, 291{ERR_REASON(ASN1_R_UNKNOWN_OBJECT_TYPE) ,"unknown object type"},
diff --git a/src/lib/libssl/src/crypto/asn1/tasn_dec.c b/src/lib/libssl/src/crypto/asn1/tasn_dec.c
index ced641698e..0a0569c74b 100644
--- a/src/lib/libssl/src/crypto/asn1/tasn_dec.c
+++ b/src/lib/libssl/src/crypto/asn1/tasn_dec.c
@@ -611,7 +611,6 @@ static int asn1_template_ex_d2i(ASN1_VALUE **val,
611 611
612 err: 612 err:
613 ASN1_template_free(val, tt); 613 ASN1_template_free(val, tt);
614 *val = NULL;
615 return 0; 614 return 0;
616 } 615 }
617 616
@@ -758,7 +757,6 @@ static int asn1_template_noexp_d2i(ASN1_VALUE **val,
758 757
759 err: 758 err:
760 ASN1_template_free(val, tt); 759 ASN1_template_free(val, tt);
761 *val = NULL;
762 return 0; 760 return 0;
763 } 761 }
764 762
@@ -1012,6 +1010,18 @@ int asn1_ex_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len,
1012 case V_ASN1_SET: 1010 case V_ASN1_SET:
1013 case V_ASN1_SEQUENCE: 1011 case V_ASN1_SEQUENCE:
1014 default: 1012 default:
1013 if (utype == V_ASN1_BMPSTRING && (len & 1))
1014 {
1015 ASN1err(ASN1_F_ASN1_EX_C2I,
1016 ASN1_R_BMPSTRING_IS_WRONG_LENGTH);
1017 goto err;
1018 }
1019 if (utype == V_ASN1_UNIVERSALSTRING && (len & 3))
1020 {
1021 ASN1err(ASN1_F_ASN1_EX_C2I,
1022 ASN1_R_UNIVERSALSTRING_IS_WRONG_LENGTH);
1023 goto err;
1024 }
1015 /* All based on ASN1_STRING and handled the same */ 1025 /* All based on ASN1_STRING and handled the same */
1016 if (!*pval) 1026 if (!*pval)
1017 { 1027 {