diff options
| author | schwarze <> | 2021-07-06 11:26:25 +0000 |
|---|---|---|
| committer | schwarze <> | 2021-07-06 11:26:25 +0000 |
| commit | d7ebc94a200ecf103c2b66842182ab0689a88daa (patch) | |
| tree | 9ecc2e840128dcae3b778a1107511a8c97e32942 /src/lib | |
| parent | 989ff61c1a16a5db7053119ab823c7a1cb4191e7 (diff) | |
| download | openbsd-d7ebc94a200ecf103c2b66842182ab0689a88daa.tar.gz openbsd-d7ebc94a200ecf103c2b66842182ab0689a88daa.tar.bz2 openbsd-d7ebc94a200ecf103c2b66842182ab0689a88daa.zip | |
Fix a bug in X509_print_ex(3).
If the user set nmflags == X509_FLAG_COMPAT and X509_NAME_print_ex(3)
failed, the error return value of 0 was misinterpreted as an indicator
of success, causing X509_print_ex(3) to ignore the error, continue
printing, and potentially return successfully even though not all
the content of the certificate was printed.
The X509_NAME_print_ex(3) manual page explains that this function
indicates failure by returning 0 if nmflags == X509_FLAG_COMPAT
and by returning -1 if nmflags != X509_FLAG_COMPAT.
That's definitely atrocious API design (witnessed by the
complexity of the code needed for correct error checking),
but changing the API contract and becoming incompatible
with OpenSSL would make matters even worse.
Note that just checking for <= 0 in all cases would not be correct
either because X509_NAME_print_ex(3) returns 0 to indicate that it
successfully printed zero bytes in some cases, for example when all
three of the following conditions hold:
1. nmflags != X509_FLAG_COMPAT
2. indent == 0 (which X509_print_ex(3) does use in some cases)
3. the name object is NULL or empty
I found the bug by code inspection and proposed an incomplete patch,
then jsing@ proposed this improved version of the patch.
OK jsing@.
Diffstat (limited to 'src/lib')
| -rw-r--r-- | src/lib/libcrypto/asn1/t_x509.c | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/src/lib/libcrypto/asn1/t_x509.c b/src/lib/libcrypto/asn1/t_x509.c index 73a0491c00..1cef35dfca 100644 --- a/src/lib/libcrypto/asn1/t_x509.c +++ b/src/lib/libcrypto/asn1/t_x509.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: t_x509.c,v 1.32 2020/04/10 07:05:24 tb Exp $ */ | 1 | /* $OpenBSD: t_x509.c,v 1.33 2021/07/06 11:26:25 schwarze Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -180,7 +180,7 @@ X509_print_ex(BIO *bp, X509 *x, unsigned long nmflags, unsigned long cflag) | |||
| 180 | if (BIO_printf(bp, " Issuer:%c", mlch) <= 0) | 180 | if (BIO_printf(bp, " Issuer:%c", mlch) <= 0) |
| 181 | goto err; | 181 | goto err; |
| 182 | if (X509_NAME_print_ex(bp, X509_get_issuer_name(x), | 182 | if (X509_NAME_print_ex(bp, X509_get_issuer_name(x), |
| 183 | nmindent, nmflags) < 0) | 183 | nmindent, nmflags) < (nmflags == X509_FLAG_COMPAT ? 1 : 0)) |
| 184 | goto err; | 184 | goto err; |
| 185 | if (BIO_write(bp, "\n", 1) <= 0) | 185 | if (BIO_write(bp, "\n", 1) <= 0) |
| 186 | goto err; | 186 | goto err; |
| @@ -203,7 +203,7 @@ X509_print_ex(BIO *bp, X509 *x, unsigned long nmflags, unsigned long cflag) | |||
| 203 | if (BIO_printf(bp, " Subject:%c", mlch) <= 0) | 203 | if (BIO_printf(bp, " Subject:%c", mlch) <= 0) |
| 204 | goto err; | 204 | goto err; |
| 205 | if (X509_NAME_print_ex(bp, X509_get_subject_name(x), | 205 | if (X509_NAME_print_ex(bp, X509_get_subject_name(x), |
| 206 | nmindent, nmflags) < 0) | 206 | nmindent, nmflags) < (nmflags == X509_FLAG_COMPAT ? 1 : 0)) |
| 207 | goto err; | 207 | goto err; |
| 208 | if (BIO_write(bp, "\n", 1) <= 0) | 208 | if (BIO_write(bp, "\n", 1) <= 0) |
| 209 | goto err; | 209 | goto err; |