Do not allow TS_check_signer_name() with signer == NULL from - openbsd - A mirror of https://github.com/libressl/openbsd.git

diff options

author	miod <>	2015-07-15 16:45:24 +0000
committer	miod <>	2015-07-15 16:45:24 +0000
commit	b4b79ac55a858b9f4fb68520d70f59d7a78ef1c6 (patch)
tree	7cadd2f8dc53b5a5314943bf5d5c539b26c70410 /src/lib/libcrypto/dsa/dsa_gen.c
parent	7be2975fd485c5a4452099e9727e8b485fba3d2b (diff)
download	openbsd-b4b79ac55a858b9f4fb68520d70f59d7a78ef1c6.tar.gz openbsd-b4b79ac55a858b9f4fb68520d70f59d7a78ef1c6.tar.bz2 openbsd-b4b79ac55a858b9f4fb68520d70f59d7a78ef1c6.zip

Do not allow TS_check_signer_name() with signer == NULL from

int_TS_RESP_verify_token(). Coverity CID 21710. Looking further, int_TS_RESP_verify_token() will only initialize signer to something non-NULL if TS_VFY_SIGNATURE is set in ctx->flags. But guess what? TS_REQ_to_TS_VERIFY_CTX() in ts/ts_verify_ctx.c, which is the TS_VERIFY_CTX constructor, explicitely clears this bit, with: ret->flags = TS_VFY_ALL_IMPRINT & ~(TS_VFY_TSA_NAME | TS_VFY_SIGNATURE); followed by more conditional flag clears. Of course, nothing prevents the user to fiddle with ctx->flags afterwards. This is exactly what ts.c in usr.bin/openssl does. This is gross, mistakes will happen. ok beck@

Diffstat (limited to 'src/lib/libcrypto/dsa/dsa_gen.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: