diff options
| author | beck <> | 2016-03-02 14:28:14 +0000 |
|---|---|---|
| committer | beck <> | 2016-03-02 14:28:14 +0000 |
| commit | fc058410955c015c49e2b0bea7d294f5565009cf (patch) | |
| tree | e7673f116d563a38520d6ad5e6f9f4f4e4f3208f /src/lib | |
| parent | ab17e552504ef0a95a4e610ef038d76a7f3a34de (diff) | |
| download | openbsd-fc058410955c015c49e2b0bea7d294f5565009cf.tar.gz openbsd-fc058410955c015c49e2b0bea7d294f5565009cf.tar.bz2 openbsd-fc058410955c015c49e2b0bea7d294f5565009cf.zip | |
fix the rest of the read_ledword() calls used as lengths to be bounded.
inspired by guido vranken https://guidovranken.wordpress.com/2016/03/01/public-disclosure-malformed-private-keys-lead-to-heap-corruption-in-b2i_pvk_bio/
ok doug@
Diffstat (limited to 'src/lib')
| -rw-r--r-- | src/lib/libcrypto/pem/pvkfmt.c | 6 | ||||
| -rw-r--r-- | src/lib/libssl/src/crypto/pem/pvkfmt.c | 6 |
2 files changed, 10 insertions, 2 deletions
diff --git a/src/lib/libcrypto/pem/pvkfmt.c b/src/lib/libcrypto/pem/pvkfmt.c index c3fd0e8d0a..7a9045396c 100644 --- a/src/lib/libcrypto/pem/pvkfmt.c +++ b/src/lib/libcrypto/pem/pvkfmt.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: pvkfmt.c,v 1.15 2016/03/02 05:02:35 beck Exp $ */ | 1 | /* $OpenBSD: pvkfmt.c,v 1.16 2016/03/02 14:28:14 beck Exp $ */ |
| 2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL | 2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL |
| 3 | * project 2005. | 3 | * project 2005. |
| 4 | */ | 4 | */ |
| @@ -179,6 +179,10 @@ do_blob_header(const unsigned char **in, unsigned int length, | |||
| 179 | p += 6; | 179 | p += 6; |
| 180 | *pmagic = read_ledword(&p); | 180 | *pmagic = read_ledword(&p); |
| 181 | *pbitlen = read_ledword(&p); | 181 | *pbitlen = read_ledword(&p); |
| 182 | if (*pbitlen > 65536) { | ||
| 183 | PEMerr(PEM_F_DO_BLOB_HEADER, PEM_R_INCONSISTENT_HEADER); | ||
| 184 | return 0; | ||
| 185 | } | ||
| 182 | *pisdss = 0; | 186 | *pisdss = 0; |
| 183 | switch (*pmagic) { | 187 | switch (*pmagic) { |
| 184 | 188 | ||
diff --git a/src/lib/libssl/src/crypto/pem/pvkfmt.c b/src/lib/libssl/src/crypto/pem/pvkfmt.c index c3fd0e8d0a..7a9045396c 100644 --- a/src/lib/libssl/src/crypto/pem/pvkfmt.c +++ b/src/lib/libssl/src/crypto/pem/pvkfmt.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: pvkfmt.c,v 1.15 2016/03/02 05:02:35 beck Exp $ */ | 1 | /* $OpenBSD: pvkfmt.c,v 1.16 2016/03/02 14:28:14 beck Exp $ */ |
| 2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL | 2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL |
| 3 | * project 2005. | 3 | * project 2005. |
| 4 | */ | 4 | */ |
| @@ -179,6 +179,10 @@ do_blob_header(const unsigned char **in, unsigned int length, | |||
| 179 | p += 6; | 179 | p += 6; |
| 180 | *pmagic = read_ledword(&p); | 180 | *pmagic = read_ledword(&p); |
| 181 | *pbitlen = read_ledword(&p); | 181 | *pbitlen = read_ledword(&p); |
| 182 | if (*pbitlen > 65536) { | ||
| 183 | PEMerr(PEM_F_DO_BLOB_HEADER, PEM_R_INCONSISTENT_HEADER); | ||
| 184 | return 0; | ||
| 185 | } | ||
| 182 | *pisdss = 0; | 186 | *pisdss = 0; |
| 183 | switch (*pmagic) { | 187 | switch (*pmagic) { |
| 184 | 188 | ||