apply patches from OpenSSL Security Advisory [30 July 2002],

http://marc.theaimsgroup.com/?l=openssl-dev&m=102802395104110&w=2

4 files changed, 12 insertions, 6 deletions

diff --git a/src/lib/libcrypto/asn1/asn1_lib.c b/src/lib/libcrypto/asn1/asn1_lib.c
index 830ff2af3c..fd8e77044e 100644
--- a/src/lib/libcrypto/asn1/asn1_lib.c
+++ b/src/lib/libcrypto/asn1/asn1_lib.c
@@ -123,15 +123,13 @@ int ASN1_get_object(unsigned char **pp, long *plength, int *ptag, int *pclass,
                 (int)(omax+ *pp));
 
 #endif
-#if 0
-        if ((p+ *plength) > (omax+ *pp))
+        if (*plength > (omax - (*pp - p)))
                 {
                 ASN1err(ASN1_F_ASN1_GET_OBJECT,ASN1_R_TOO_LONG);
                 /* Set this so that even if things are not long enough
                  * the values are set correctly */
                 ret|=0x80;
                 }
-#endif
         *pp=p;
         return(ret|inf);
 err:
@@ -158,6 +156,8 @@ static int asn1_get_length(unsigned char **pp, int *inf, long *rl, int max)
                 i= *p&0x7f;
                 if (*(p++) & 0x80)
                         {
+                        if (i > sizeof(long))
+                                return 0;
                         if (max-- == 0) return(0);
                         while (i-- > 0)
                                 {
@@ -169,6 +169,8 @@ static int asn1_get_length(unsigned char **pp, int *inf, long *rl, int max)
                 else
                         ret=i;
                 }
+        if (ret < 0)
+                return 0;
         *pp=p;
         *rl=ret;
         return(1);
@@ -406,7 +408,7 @@ int ASN1_STRING_cmp(ASN1_STRING *a, ASN1_STRING *b)
 
 void asn1_add_error(unsigned char *address, int offset)
         {
-        char buf1[16],buf2[16];
+        char buf1[DECIMAL_SIZE(address)+1],buf2[DECIMAL_SIZE(offset)+1];
 
         sprintf(buf1,"%lu",(unsigned long)address);
         sprintf(buf2,"%d",offset);
diff --git a/src/lib/libcrypto/conf/conf_def.c b/src/lib/libcrypto/conf/conf_def.c
index 31f2766246..5e194de60e 100644
--- a/src/lib/libcrypto/conf/conf_def.c
+++ b/src/lib/libcrypto/conf/conf_def.c
@@ -67,6 +67,7 @@
 #include "conf_def.h"
 #include <openssl/buffer.h>
 #include <openssl/err.h>
+#include "cryptlib.h"
 
 static char *eat_ws(CONF *conf, char *p);
 static char *eat_alpha_numeric(CONF *conf, char *p);
@@ -208,12 +209,12 @@ static int def_load(CONF *conf, const char *name, long *line)
 static int def_load_bio(CONF *conf, BIO *in, long *line)
         {
 #define BUFSIZE 512
-        char btmp[16];
         int bufnum=0,i,ii;
         BUF_MEM *buff=NULL;
         char *s,*p,*end;
         int again,n;
         long eline=0;
+        char btmp[DECIMAL_SIZE(eline)+1];
         CONF_VALUE *v=NULL,*tv;
         CONF_VALUE *sv=NULL;
         char *section=NULL,*buf;
diff --git a/src/lib/libcrypto/cryptlib.h b/src/lib/libcrypto/cryptlib.h
index a0489e57fc..37ce7721fb 100644
--- a/src/lib/libcrypto/cryptlib.h
+++ b/src/lib/libcrypto/cryptlib.h
@@ -89,6 +89,9 @@ extern "C" {
 #define X509_CERT_DIR_EVP        "SSL_CERT_DIR"
 #define X509_CERT_FILE_EVP       "SSL_CERT_FILE"
 
+/* size of string represenations */
+#define DECIMAL_SIZE(type)     ((sizeof(type)*8+2)/3+1)
+
 #ifdef  __cplusplus
 }
 #endif
diff --git a/src/lib/libcrypto/objects/obj_dat.c b/src/lib/libcrypto/objects/obj_dat.c
index 3ff64bb8d1..02c3719f04 100644
--- a/src/lib/libcrypto/objects/obj_dat.c
+++ b/src/lib/libcrypto/objects/obj_dat.c
@@ -436,7 +436,7 @@ int OBJ_obj2txt(char *buf, int buf_len, const ASN1_OBJECT *a, int no_name)
         unsigned long l;
         unsigned char *p;
         const char *s;
-        char tbuf[32];
+        char tbuf[DECIMAL_SIZE(i)+DECIMAL_SIZE(l)+2];
 
         if (buf_len <= 0) return(0);