diff options
| author | miod <> | 2015-07-19 18:25:59 +0000 |
|---|---|---|
| committer | miod <> | 2015-07-19 18:25:59 +0000 |
| commit | e5955381f2756ed7dfa9d95684f7bce72885cbd0 (patch) | |
| tree | e7e2277b99a4664031d84c7631692bf4877f5ad0 /src | |
| parent | 434ae239dcf64cf56b6f17edb0168de9e7c1a70b (diff) | |
| download | openbsd-e5955381f2756ed7dfa9d95684f7bce72885cbd0.tar.gz openbsd-e5955381f2756ed7dfa9d95684f7bce72885cbd0.tar.bz2 openbsd-e5955381f2756ed7dfa9d95684f7bce72885cbd0.zip | |
Verify ASN1 objects types before attempting to access them as a particular
type.
ok guenther@ doug@
Diffstat (limited to 'src')
| -rw-r--r-- | src/lib/libcrypto/pkcs7/pk7_doit.c | 4 | ||||
| -rw-r--r-- | src/lib/libcrypto/ts/ts_rsp_verify.c | 4 | ||||
| -rw-r--r-- | src/lib/libssl/src/crypto/pkcs7/pk7_doit.c | 4 | ||||
| -rw-r--r-- | src/lib/libssl/src/crypto/ts/ts_rsp_verify.c | 4 |
4 files changed, 12 insertions, 4 deletions
diff --git a/src/lib/libcrypto/pkcs7/pk7_doit.c b/src/lib/libcrypto/pkcs7/pk7_doit.c index d6fcaca745..2c69edf499 100644 --- a/src/lib/libcrypto/pkcs7/pk7_doit.c +++ b/src/lib/libcrypto/pkcs7/pk7_doit.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: pk7_doit.c,v 1.34 2015/07/18 14:40:59 miod Exp $ */ | 1 | /* $OpenBSD: pk7_doit.c,v 1.35 2015/07/19 18:25:59 miod Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -1187,6 +1187,8 @@ PKCS7_digest_from_attributes(STACK_OF(X509_ATTRIBUTE) *sk) | |||
| 1187 | 1187 | ||
| 1188 | if (!(astype = get_attribute(sk, NID_pkcs9_messageDigest))) | 1188 | if (!(astype = get_attribute(sk, NID_pkcs9_messageDigest))) |
| 1189 | return NULL; | 1189 | return NULL; |
| 1190 | if (astype->type != V_ASN1_OCTET_STRING) | ||
| 1191 | return NULL; | ||
| 1190 | return astype->value.octet_string; | 1192 | return astype->value.octet_string; |
| 1191 | } | 1193 | } |
| 1192 | 1194 | ||
diff --git a/src/lib/libcrypto/ts/ts_rsp_verify.c b/src/lib/libcrypto/ts/ts_rsp_verify.c index 797877011c..204c6a9df8 100644 --- a/src/lib/libcrypto/ts/ts_rsp_verify.c +++ b/src/lib/libcrypto/ts/ts_rsp_verify.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ts_rsp_verify.c,v 1.15 2015/07/19 05:42:55 miod Exp $ */ | 1 | /* $OpenBSD: ts_rsp_verify.c,v 1.16 2015/07/19 18:25:59 miod Exp $ */ |
| 2 | /* Written by Zoltan Glozik (zglozik@stones.com) for the OpenSSL | 2 | /* Written by Zoltan Glozik (zglozik@stones.com) for the OpenSSL |
| 3 | * project 2002. | 3 | * project 2002. |
| 4 | */ | 4 | */ |
| @@ -312,6 +312,8 @@ ESS_get_signing_cert(PKCS7_SIGNER_INFO *si) | |||
| 312 | NID_id_smime_aa_signingCertificate); | 312 | NID_id_smime_aa_signingCertificate); |
| 313 | if (!attr) | 313 | if (!attr) |
| 314 | return NULL; | 314 | return NULL; |
| 315 | if (attr->type != V_ASN1_SEQUENCE) | ||
| 316 | return NULL; | ||
| 315 | p = attr->value.sequence->data; | 317 | p = attr->value.sequence->data; |
| 316 | return d2i_ESS_SIGNING_CERT(NULL, &p, attr->value.sequence->length); | 318 | return d2i_ESS_SIGNING_CERT(NULL, &p, attr->value.sequence->length); |
| 317 | } | 319 | } |
diff --git a/src/lib/libssl/src/crypto/pkcs7/pk7_doit.c b/src/lib/libssl/src/crypto/pkcs7/pk7_doit.c index d6fcaca745..2c69edf499 100644 --- a/src/lib/libssl/src/crypto/pkcs7/pk7_doit.c +++ b/src/lib/libssl/src/crypto/pkcs7/pk7_doit.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: pk7_doit.c,v 1.34 2015/07/18 14:40:59 miod Exp $ */ | 1 | /* $OpenBSD: pk7_doit.c,v 1.35 2015/07/19 18:25:59 miod Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -1187,6 +1187,8 @@ PKCS7_digest_from_attributes(STACK_OF(X509_ATTRIBUTE) *sk) | |||
| 1187 | 1187 | ||
| 1188 | if (!(astype = get_attribute(sk, NID_pkcs9_messageDigest))) | 1188 | if (!(astype = get_attribute(sk, NID_pkcs9_messageDigest))) |
| 1189 | return NULL; | 1189 | return NULL; |
| 1190 | if (astype->type != V_ASN1_OCTET_STRING) | ||
| 1191 | return NULL; | ||
| 1190 | return astype->value.octet_string; | 1192 | return astype->value.octet_string; |
| 1191 | } | 1193 | } |
| 1192 | 1194 | ||
diff --git a/src/lib/libssl/src/crypto/ts/ts_rsp_verify.c b/src/lib/libssl/src/crypto/ts/ts_rsp_verify.c index 797877011c..204c6a9df8 100644 --- a/src/lib/libssl/src/crypto/ts/ts_rsp_verify.c +++ b/src/lib/libssl/src/crypto/ts/ts_rsp_verify.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ts_rsp_verify.c,v 1.15 2015/07/19 05:42:55 miod Exp $ */ | 1 | /* $OpenBSD: ts_rsp_verify.c,v 1.16 2015/07/19 18:25:59 miod Exp $ */ |
| 2 | /* Written by Zoltan Glozik (zglozik@stones.com) for the OpenSSL | 2 | /* Written by Zoltan Glozik (zglozik@stones.com) for the OpenSSL |
| 3 | * project 2002. | 3 | * project 2002. |
| 4 | */ | 4 | */ |
| @@ -312,6 +312,8 @@ ESS_get_signing_cert(PKCS7_SIGNER_INFO *si) | |||
| 312 | NID_id_smime_aa_signingCertificate); | 312 | NID_id_smime_aa_signingCertificate); |
| 313 | if (!attr) | 313 | if (!attr) |
| 314 | return NULL; | 314 | return NULL; |
| 315 | if (attr->type != V_ASN1_SEQUENCE) | ||
| 316 | return NULL; | ||
| 315 | p = attr->value.sequence->data; | 317 | p = attr->value.sequence->data; |
| 316 | return d2i_ESS_SIGNING_CERT(NULL, &p, attr->value.sequence->length); | 318 | return d2i_ESS_SIGNING_CERT(NULL, &p, attr->value.sequence->length); |
| 317 | } | 319 | } |