author | schwarze <> | 2018-04-04 11:59:26 +0000 |
---|---|---|
committer | schwarze <> | 2018-04-04 11:59:26 +0000 |
commit | a0522cf10ae4b806e95c44e85e22fae53f9228d6 (patch) | |
tree | 0a16ac7de05cec904ce04fa16baf6b1685b75c32 /src | |
parent | fa93c1f197945062d5ade3c81706f3044c21224b (diff) | |
Fix two bugs in X509_NAME_add_entry(3):
(1) Evaluate the "set" argument, which says whether to create a new
RDN or to prepend or append to an existing one, before reusing it
for a different purpose, i.e. for the "set" field of the new
X509_NAME_ENTRY structure.
(2) When incrementing of some "set" fields is needed, increment the
correct ones: All those to the right of the newly inserted entry,
but not the one of that entry itself.
These two bugs caused wrong results whenever using loc != -1,
i.e. whenever inserting rather than appending entries, even when
using set == 0 only, that is, even when using single-valued RDNs only.
Both bugs have been continuously present since at least SSLeay-0.8.1
(released July 18, 1997) and the second one since at least SSLeay-0.8.0
(released June 25, 1997), so both are over twenty years old.
I found these bugs by code inspection while trying to document the
function X509_NAME_ENTRY_set(3), which is public, but undocumented
in OpenSSL.
OK beck@, jsing@
Diffstat (limited to 'src')
-rw-r--r-- | src/lib/libcrypto/x509/x509name.c | 11 |
1 files changed, 4 insertions, 7 deletions
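--- a/src/lib/libcrypto/x509/x509name.c
+++ b/src/lib/libcrypto/x509/x509name.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509name.c,v 1.15 2018/03/17 15:28:27 tb Exp $ */
+/* $OpenBSD: x509name.c,v 1.16 2018/04/04 11:59:26 schwarze Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -249,17 +249,15 @@ X509_NAME_add_entry(X509_NAME *name, X509_NAME_ENTRY *ne, int loc, int set)
 loc = n;
 else if (loc < 0)
 loc = n;
-
+inc = (set == 0);
 name->modified = 1;
 
 if (set == -1) {
 if (loc == 0) {
 set = 0;
 inc = 1;
-} else {
+} else
 set = sk_X509_NAME_ENTRY_value(sk, loc - 1)->set;
-inc = 0;
-}
 } else /* if (set >= 0) */ {
 if (loc >= n) {
 if (loc != 0)
@@ -268,7 +266,6 @@ X509_NAME_add_entry(X509_NAME *name, X509_NAME_ENTRY *ne, int loc, int set)
 set = 0;
 } else
 set = sk_X509_NAME_ENTRY_value(sk, loc)->set;
-inc = (set == 0) ? 1 : 0;
 }
 
 if ((new_name = X509_NAME_ENTRY_dup(ne)) == NULL)
@@ -281,7 +278,7 @@ X509_NAME_add_entry(X509_NAME *name, X509_NAME_ENTRY *ne, int loc, int set)
 if (inc) {
 n = sk_X509_NAME_ENTRY_num(sk);
 for (i = loc + 1; i < n; i++)
-sk_X509_NAME_ENTRY_value(sk, i - 1)->set += 1;
+sk_X509_NAME_ENTRY_value(sk, i)->set += 1;
 }
 return (1);
 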
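Review bot: `inc` is now derived from the caller's `set` at the top of the second hunk and overridden only in the `set == -1 && loc == 0` branch, yet nothing in the code says what it means, and the fact that the loop fixed in the last hunk was wrong for twenty years shows the intent is not obvious; a comment at the assignment would help, e.g. `/* inc: the new entry opens its own RDN, so every entry after it moves up one set. */`. The loop in the last hunk re-reads n after the insert and walks loc+1..n-1, which is exactly the entries to the right of the new one, so it matches that comment. A regression test that inserts with loc != -1 and set == 0 and then checks X509_NAME_ENTRY_set(3) on every entry would pin both fixes, since the set numbers decide which entries are grouped into one RDN. The argument validation at the start of X509_NAME_add_entry and the stack insert call sit outside the hunks.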