| author | tb <> | 2021-08-24 15:23:03 +0000 |
|---|---|---|
| committer | tb <> | 2021-08-24 15:23:03 +0000 |
| commit | 52abe2974a6ccf1fbf26a380d1f675aacc9aae28 (patch) | |
| tree | c39cdb8b332be4446a8637c55f18a2a1f4c7ec18 /src | |
| parent | 3b5f7f2deeb8133ab932229a210a97daf715b5f1 (diff) | |
Fix various read buffer overflows when printing ASN.1 strings (which are
not necessarily NUL terminated). Same as schwarze's fix in t_x509a.c r1.9.
From David Benjamin and Matt Caswell (part of the fixes in OpenSSL 1.1.1l)
ok inoguchi
Diffstat (limited to 'src')
| -rw-r--r-- | src/lib/libcrypto/asn1/t_spki.c | 5 | ||||
| -rw-r--r-- | src/lib/libcrypto/x509/x509_alt.c | 11 | ||||
| -rw-r--r-- | src/lib/libcrypto/x509/x509_cpols.c | 13 | ||||
| -rw-r--r-- | src/lib/libcrypto/x509/x509_pci.c | 5 |
4 files changed, 20 insertions, 14 deletions
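--- a/src/lib/libcrypto/asn1/t_spki.c
+++ b/src/lib/libcrypto/asn1/t_spki.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: t_spki.c,v 1.11 2014/07/11 08:44:47 jsing Exp $ */
+/* $OpenBSD: t_spki.c,v 1.12 2021/08/24 15:23:03 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 1999.
  */
@@ -94,7 +94,8 @@ NETSCAPE_SPKI_print(BIO *out, NETSCAPE_SPKI *spki)
 }
 chal = spki->spkac->challenge;
 if (chal->length)
-BIO_printf(out, " Challenge String: %s\n", chal->data);
+BIO_printf(out, " Challenge String: %.*s\n", chal->length,
+chal->data);
 i = OBJ_obj2nid(spki->sig_algor->algorithm);
 BIO_printf(out, " Signature Algorithm: %s",
 (i == NID_undef) ? "UNKNOWN" : OBJ_nid2ln(i));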
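Review bot: The challenge bytes are still written to `out` unescaped in the rewritten `BIO_printf` call of the second hunk: `%.*s` bounds the read at `chal->length`, but control characters in this request-supplied field reach the terminal or log as they are. The same holds for the `%.*s` calls in x509_alt.c, x509_cpols.c and x509_pci.c. Consider printing the label and then the string through the library's own printer, in braces under the existing `if (chal->length)`: `BIO_printf(out, " Challenge String: "); ASN1_STRING_print(out, chal); BIO_puts(out, "\n");`, which substitutes '.' for most non-printable bytes. NETSCAPE_SPKI_print starts and ends outside the hunk.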
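--- a/src/lib/libcrypto/x509/x509_alt.c
+++ b/src/lib/libcrypto/x509/x509_alt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_alt.c,v 1.1 2020/06/04 15:19:31 jsing Exp $ */
+/* $OpenBSD: x509_alt.c,v 1.2 2021/08/24 15:23:03 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project.
  */
@@ -264,15 +264,18 @@ GENERAL_NAME_print(BIO *out, GENERAL_NAME *gen)
 break;
 
 case GEN_EMAIL:
-BIO_printf(out, "email:%s", gen->d.ia5->data);
+BIO_printf(out, "email:%.*s", gen->d.ia5->length,
+gen->d.ia5->data);
 break;
 
 case GEN_DNS:
-BIO_printf(out, "DNS:%s", gen->d.ia5->data);
+BIO_printf(out, "DNS:%.*s", gen->d.ia5->length,
+gen->d.ia5->data);
 break;
 
 case GEN_URI:
-BIO_printf(out, "URI:%s", gen->d.ia5->data);
+BIO_printf(out, "URI:%.*s", gen->d.ia5->length,
+gen->d.ia5->data);
 break;
 
 case GEN_DIRNAME: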
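Review bot: An embedded NUL in an email, DNS or URI name still cuts the printed value short in the three rewritten `BIO_printf` calls, because `%.*s` stops at the first NUL byte as well as at the precision. The text shown can then be only a prefix of the name the certificate encodes, which misleads anyone who vets a certificate by reading this output. A comment above the three cases would record the limit, e.g. `/* %.*s stops at an embedded NUL; output may be shorter than ia5->length */`; a printer that emits all `length` bytes with non-printables replaced would remove it. GENERAL_NAME_print begins and ends outside the hunk.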
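--- a/src/lib/libcrypto/x509/x509_cpols.c
+++ b/src/lib/libcrypto/x509/x509_cpols.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_cpols.c,v 1.1 2020/06/04 15:19:31 jsing Exp $ */
+/* $OpenBSD: x509_cpols.c,v 1.2 2021/08/24 15:23:03 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 1999.
  */
@@ -696,7 +696,8 @@ print_qualifiers(BIO *out, STACK_OF(POLICYQUALINFO) *quals, int indent)
 qualinfo = sk_POLICYQUALINFO_value(quals, i);
 switch (OBJ_obj2nid(qualinfo->pqualid)) {
 case NID_id_qt_cps:
-BIO_printf(out, "%*sCPS: %s\n", indent, "",
+BIO_printf(out, "%*sCPS: %.*s\n", indent, "",
+qualinfo->d.cpsuri->length,
 qualinfo->d.cpsuri->data);
 break;
 
@@ -724,8 +725,8 @@ print_notice(BIO *out, USERNOTICE *notice, int indent)
 if (notice->noticeref) {
 NOTICEREF *ref;
 ref = notice->noticeref;
-BIO_printf(out, "%*sOrganization: %s\n", indent, "",
-ref->organization->data);
+BIO_printf(out, "%*sOrganization: %.*s\n", indent, "",
+ref->organization->length, ref->organization->data);
 BIO_printf(out, "%*sNumber%s: ", indent, "",
 sk_ASN1_INTEGER_num(ref->noticenos) > 1 ? "s" : "");
 for (i = 0; i < sk_ASN1_INTEGER_num(ref->noticenos); i++) {
@@ -741,8 +742,8 @@ print_notice(BIO *out, USERNOTICE *notice, int indent)
 BIO_puts(out, "\n");
 }
 if (notice->exptext)
-BIO_printf(out, "%*sExplicit Text: %s\n", indent, "",
-notice->exptext->data);
+BIO_printf(out, "%*sExplicit Text: %.*s\n", indent, "",
+notice->exptext->length, notice->exptext->data);
 }
 
 void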
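Review bot: In print_notice, the `Organization` and `Explicit Text` calls print the string as single-byte text, but RFC 5280 DisplayText may also be a BMPString. If these fields can carry one here (their declared type is not visible in the hunk), `%.*s` stops at the first zero byte, which for ASCII-range two-byte characters is the very first byte, so nothing is shown. The read is bounded either way, so this affects only what is displayed, not memory safety. I would at least add `/* XXX DisplayText may be BMPString or UTF8String; printed byte-wise, stops at first NUL */` above each call. print_notice starts before the third hunk.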
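--- a/src/lib/libcrypto/x509/x509_pci.c
+++ b/src/lib/libcrypto/x509/x509_pci.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_pci.c,v 1.1 2020/06/04 15:19:31 jsing Exp $ */
+/* $OpenBSD: x509_pci.c,v 1.2 2021/08/24 15:23:03 tb Exp $ */
 /* Contributed to the OpenSSL Project 2004
  * by Richard Levitte (richard@levitte.org)
  */
@@ -77,7 +77,8 @@ i2r_pci(X509V3_EXT_METHOD *method, PROXY_CERT_INFO_EXTENSION *pci, BIO *out,
 i2a_ASN1_OBJECT(out, pci->proxyPolicy->policyLanguage);
 BIO_puts(out, "\n");
 if (pci->proxyPolicy->policy && pci->proxyPolicy->policy->data)
-BIO_printf(out, "%*sPolicy Text: %s\n", indent, "",
+BIO_printf(out, "%*sPolicy Text: %.*s\n", indent, "",
+pci->proxyPolicy->policy->length,
 pci->proxyPolicy->policy->data);
 return 1;
 }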
