diff options
| author | jsing <> | 2019-04-01 15:48:04 +0000 |
|---|---|---|
| committer | jsing <> | 2019-04-01 15:48:04 +0000 |
| commit | a75b22a2cc094f47fbed5f4c583901562193c920 (patch) | |
| tree | d9cf1a8ad7b62400a812c7d2f90b7402b1f5fc83 | |
| parent | fa03268a2594c33652da3b07feca76588192a446 (diff) | |
| download | openbsd-a75b22a2cc094f47fbed5f4c583901562193c920.tar.gz openbsd-a75b22a2cc094f47fbed5f4c583901562193c920.tar.bz2 openbsd-a75b22a2cc094f47fbed5f4c583901562193c920.zip | |
Require all ASN1_PRIMITIVE_FUNCS functions to be provided.
If an ASN.1 item provides its own ASN1_PRIMITIVE_FUNCS functions, require
all functions to be provided (currently excluding prim_clear). This avoids
situations such as having a custom allocator that returns a specific struct
but then is then printed using the default primative print functions, which
interpret the memory as a different struct.
Found by oss-fuzz, fixes issue #13799.
ok beck@, tb@
| -rw-r--r-- | src/lib/libcrypto/asn1/tasn_dec.c | 13 | ||||
| -rw-r--r-- | src/lib/libcrypto/asn1/tasn_enc.c | 11 | ||||
| -rw-r--r-- | src/lib/libcrypto/asn1/tasn_fre.c | 16 | ||||
| -rw-r--r-- | src/lib/libcrypto/asn1/tasn_new.c | 15 | ||||
| -rw-r--r-- | src/lib/libcrypto/asn1/tasn_prn.c | 13 |
5 files changed, 42 insertions, 26 deletions
diff --git a/src/lib/libcrypto/asn1/tasn_dec.c b/src/lib/libcrypto/asn1/tasn_dec.c index 3a27b82288..70dc355ca1 100644 --- a/src/lib/libcrypto/asn1/tasn_dec.c +++ b/src/lib/libcrypto/asn1/tasn_dec.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: tasn_dec.c,v 1.36 2018/09/17 18:18:01 tb Exp $ */ | 1 | /* $OpenBSD: tasn_dec.c,v 1.37 2019/04/01 15:48:04 jsing Exp $ */ |
| 2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL | 2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL |
| 3 | * project 2000. | 3 | * project 2000. |
| 4 | */ | 4 | */ |
| @@ -793,14 +793,17 @@ asn1_ex_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, int utype, | |||
| 793 | ASN1_VALUE **opval = NULL; | 793 | ASN1_VALUE **opval = NULL; |
| 794 | ASN1_STRING *stmp; | 794 | ASN1_STRING *stmp; |
| 795 | ASN1_TYPE *typ = NULL; | 795 | ASN1_TYPE *typ = NULL; |
| 796 | int ret = 0; | ||
| 797 | const ASN1_PRIMITIVE_FUNCS *pf; | ||
| 798 | ASN1_INTEGER **tint; | 796 | ASN1_INTEGER **tint; |
| 797 | int ret = 0; | ||
| 799 | 798 | ||
| 800 | pf = it->funcs; | 799 | if (it->funcs != NULL) { |
| 800 | const ASN1_PRIMITIVE_FUNCS *pf = it->funcs; | ||
| 801 | 801 | ||
| 802 | if (pf && pf->prim_c2i) | 802 | if (pf->prim_c2i == NULL) |
| 803 | return 0; | ||
| 803 | return pf->prim_c2i(pval, cont, len, utype, free_cont, it); | 804 | return pf->prim_c2i(pval, cont, len, utype, free_cont, it); |
| 805 | } | ||
| 806 | |||
| 804 | /* If ANY type clear type and set pointer to internal value */ | 807 | /* If ANY type clear type and set pointer to internal value */ |
| 805 | if (it->utype == V_ASN1_ANY) { | 808 | if (it->utype == V_ASN1_ANY) { |
| 806 | if (!*pval) { | 809 | if (!*pval) { |
diff --git a/src/lib/libcrypto/asn1/tasn_enc.c b/src/lib/libcrypto/asn1/tasn_enc.c index f3341901fe..d103c4d096 100644 --- a/src/lib/libcrypto/asn1/tasn_enc.c +++ b/src/lib/libcrypto/asn1/tasn_enc.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: tasn_enc.c,v 1.21 2016/12/30 16:04:34 jsing Exp $ */ | 1 | /* $OpenBSD: tasn_enc.c,v 1.22 2019/04/01 15:48:04 jsing Exp $ */ |
| 2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL | 2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL |
| 3 | * project 2000. | 3 | * project 2000. |
| 4 | */ | 4 | */ |
| @@ -541,11 +541,14 @@ asn1_ex_i2c(ASN1_VALUE **pval, unsigned char *cout, int *putype, | |||
| 541 | const unsigned char *cont; | 541 | const unsigned char *cont; |
| 542 | unsigned char c; | 542 | unsigned char c; |
| 543 | int len; | 543 | int len; |
| 544 | const ASN1_PRIMITIVE_FUNCS *pf; | ||
| 545 | 544 | ||
| 546 | pf = it->funcs; | 545 | if (it->funcs != NULL) { |
| 547 | if (pf && pf->prim_i2c) | 546 | const ASN1_PRIMITIVE_FUNCS *pf = it->funcs; |
| 547 | |||
| 548 | if (pf->prim_i2c == NULL) | ||
| 549 | return -1; | ||
| 548 | return pf->prim_i2c(pval, cout, putype, it); | 550 | return pf->prim_i2c(pval, cout, putype, it); |
| 551 | } | ||
| 549 | 552 | ||
| 550 | /* Should type be omitted? */ | 553 | /* Should type be omitted? */ |
| 551 | if ((it->itype != ASN1_ITYPE_PRIMITIVE) || | 554 | if ((it->itype != ASN1_ITYPE_PRIMITIVE) || |
diff --git a/src/lib/libcrypto/asn1/tasn_fre.c b/src/lib/libcrypto/asn1/tasn_fre.c index c05310ec28..b621af3b37 100644 --- a/src/lib/libcrypto/asn1/tasn_fre.c +++ b/src/lib/libcrypto/asn1/tasn_fre.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: tasn_fre.c,v 1.16 2018/04/06 12:16:06 bluhm Exp $ */ | 1 | /* $OpenBSD: tasn_fre.c,v 1.17 2019/04/01 15:48:04 jsing Exp $ */ |
| 2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL | 2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL |
| 3 | * project 2000. | 3 | * project 2000. |
| 4 | */ | 4 | */ |
| @@ -193,14 +193,14 @@ void | |||
| 193 | ASN1_primitive_free(ASN1_VALUE **pval, const ASN1_ITEM *it) | 193 | ASN1_primitive_free(ASN1_VALUE **pval, const ASN1_ITEM *it) |
| 194 | { | 194 | { |
| 195 | int utype; | 195 | int utype; |
| 196 | if (it) { | 196 | |
| 197 | const ASN1_PRIMITIVE_FUNCS *pf; | 197 | if (it != NULL && it->funcs != NULL) { |
| 198 | pf = it->funcs; | 198 | const ASN1_PRIMITIVE_FUNCS *pf = it->funcs; |
| 199 | if (pf && pf->prim_free) { | 199 | |
| 200 | pf->prim_free(pval, it); | 200 | pf->prim_free(pval, it); |
| 201 | return; | 201 | return; |
| 202 | } | ||
| 203 | } | 202 | } |
| 203 | |||
| 204 | /* Special case: if 'it' is NULL free contents of ASN1_TYPE */ | 204 | /* Special case: if 'it' is NULL free contents of ASN1_TYPE */ |
| 205 | if (!it) { | 205 | if (!it) { |
| 206 | ASN1_TYPE *typ = (ASN1_TYPE *)*pval; | 206 | ASN1_TYPE *typ = (ASN1_TYPE *)*pval; |
diff --git a/src/lib/libcrypto/asn1/tasn_new.c b/src/lib/libcrypto/asn1/tasn_new.c index e9bbc05e08..7c9bb98974 100644 --- a/src/lib/libcrypto/asn1/tasn_new.c +++ b/src/lib/libcrypto/asn1/tasn_new.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: tasn_new.c,v 1.17 2017/01/29 17:49:22 beck Exp $ */ | 1 | /* $OpenBSD: tasn_new.c,v 1.18 2019/04/01 15:48:04 jsing Exp $ */ |
| 2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL | 2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL |
| 3 | * project 2000. | 3 | * project 2000. |
| 4 | */ | 4 | */ |
| @@ -306,10 +306,12 @@ ASN1_primitive_new(ASN1_VALUE **pval, const ASN1_ITEM *it) | |||
| 306 | ASN1_STRING *str; | 306 | ASN1_STRING *str; |
| 307 | int utype; | 307 | int utype; |
| 308 | 308 | ||
| 309 | if (it && it->funcs) { | 309 | if (it != NULL && it->funcs != NULL) { |
| 310 | const ASN1_PRIMITIVE_FUNCS *pf = it->funcs; | 310 | const ASN1_PRIMITIVE_FUNCS *pf = it->funcs; |
| 311 | if (pf->prim_new) | 311 | |
| 312 | return pf->prim_new(pval, it); | 312 | if (pf->prim_new == NULL) |
| 313 | return 0; | ||
| 314 | return pf->prim_new(pval, it); | ||
| 313 | } | 315 | } |
| 314 | 316 | ||
| 315 | if (!it || (it->itype == ASN1_ITYPE_MSTRING)) | 317 | if (!it || (it->itype == ASN1_ITYPE_MSTRING)) |
| @@ -355,14 +357,17 @@ static void | |||
| 355 | asn1_primitive_clear(ASN1_VALUE **pval, const ASN1_ITEM *it) | 357 | asn1_primitive_clear(ASN1_VALUE **pval, const ASN1_ITEM *it) |
| 356 | { | 358 | { |
| 357 | int utype; | 359 | int utype; |
| 358 | if (it && it->funcs) { | 360 | |
| 361 | if (it != NULL && it->funcs != NULL) { | ||
| 359 | const ASN1_PRIMITIVE_FUNCS *pf = it->funcs; | 362 | const ASN1_PRIMITIVE_FUNCS *pf = it->funcs; |
| 363 | |||
| 360 | if (pf->prim_clear) | 364 | if (pf->prim_clear) |
| 361 | pf->prim_clear(pval, it); | 365 | pf->prim_clear(pval, it); |
| 362 | else | 366 | else |
| 363 | *pval = NULL; | 367 | *pval = NULL; |
| 364 | return; | 368 | return; |
| 365 | } | 369 | } |
| 370 | |||
| 366 | if (!it || (it->itype == ASN1_ITYPE_MSTRING)) | 371 | if (!it || (it->itype == ASN1_ITYPE_MSTRING)) |
| 367 | utype = V_ASN1_UNDEF; | 372 | utype = V_ASN1_UNDEF; |
| 368 | else | 373 | else |
diff --git a/src/lib/libcrypto/asn1/tasn_prn.c b/src/lib/libcrypto/asn1/tasn_prn.c index 9fbf177ba4..36bb4ddc4b 100644 --- a/src/lib/libcrypto/asn1/tasn_prn.c +++ b/src/lib/libcrypto/asn1/tasn_prn.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: tasn_prn.c,v 1.18 2019/03/23 18:48:14 beck Exp $ */ | 1 | /* $OpenBSD: tasn_prn.c,v 1.19 2019/04/01 15:48:04 jsing Exp $ */ |
| 2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL | 2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL |
| 3 | * project 2000. | 3 | * project 2000. |
| 4 | */ | 4 | */ |
| @@ -500,13 +500,18 @@ asn1_primitive_print(BIO *out, ASN1_VALUE **fld, const ASN1_ITEM *it, | |||
| 500 | ASN1_STRING *str; | 500 | ASN1_STRING *str; |
| 501 | int ret = 1, needlf = 1; | 501 | int ret = 1, needlf = 1; |
| 502 | const char *pname; | 502 | const char *pname; |
| 503 | const ASN1_PRIMITIVE_FUNCS *pf; | ||
| 504 | 503 | ||
| 505 | pf = it->funcs; | ||
| 506 | if (!asn1_print_fsname(out, indent, fname, sname, pctx)) | 504 | if (!asn1_print_fsname(out, indent, fname, sname, pctx)) |
| 507 | return 0; | 505 | return 0; |
| 508 | if (pf && pf->prim_print) | 506 | |
| 507 | if (it != NULL && it->funcs != NULL) { | ||
| 508 | const ASN1_PRIMITIVE_FUNCS *pf = it->funcs; | ||
| 509 | |||
| 510 | if (pf->prim_print == NULL) | ||
| 511 | return 0; | ||
| 512 | |||
| 509 | return pf->prim_print(out, fld, it, indent, pctx); | 513 | return pf->prim_print(out, fld, it, indent, pctx); |
| 514 | } | ||
| 510 | 515 | ||
| 511 | str = (ASN1_STRING *)*fld; | 516 | str = (ASN1_STRING *)*fld; |
| 512 | 517 | ||