diff options
| author | beck <> | 2015-12-04 04:19:25 +0000 |
|---|---|---|
| committer | beck <> | 2015-12-04 04:19:25 +0000 |
| commit | f449a45336602f59009527a500289cd9d94a9e21 (patch) | |
| tree | 9d6c63f2915116e9ef1f319667988d2d555ccfa9 /src | |
| parent | cde255c048aa42af5b2398258671abd87aa3cf52 (diff) | |
| download | openbsd-f449a45336602f59009527a500289cd9d94a9e21.tar.gz openbsd-f449a45336602f59009527a500289cd9d94a9e21.tar.bz2 openbsd-f449a45336602f59009527a500289cd9d94a9e21.zip | |
Fix for OpenSSL CVE-2015-3195
ok djm@ jsing@
Diffstat (limited to 'src')
| -rw-r--r-- | src/lib/libcrypto/asn1/tasn_dec.c | 11 | ||||
| -rw-r--r-- | src/lib/libssl/src/crypto/asn1/tasn_dec.c | 11 |
2 files changed, 16 insertions, 6 deletions
diff --git a/src/lib/libcrypto/asn1/tasn_dec.c b/src/lib/libcrypto/asn1/tasn_dec.c index f08514dc83..dd350070f7 100644 --- a/src/lib/libcrypto/asn1/tasn_dec.c +++ b/src/lib/libcrypto/asn1/tasn_dec.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: tasn_dec.c,v 1.27 2015/07/20 15:41:48 miod Exp $ */ | 1 | /* $OpenBSD: tasn_dec.c,v 1.28 2015/12/04 04:19:25 beck Exp $ */ |
| 2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL | 2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL |
| 3 | * project 2000. | 3 | * project 2000. |
| 4 | */ | 4 | */ |
| @@ -166,6 +166,10 @@ ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, | |||
| 166 | int otag; | 166 | int otag; |
| 167 | int ret = 0; | 167 | int ret = 0; |
| 168 | ASN1_VALUE **pchptr; | 168 | ASN1_VALUE **pchptr; |
| 169 | int combine; | ||
| 170 | |||
| 171 | combine = aclass & ASN1_TFLG_COMBINE; | ||
| 172 | aclass &= ~ASN1_TFLG_COMBINE; | ||
| 169 | 173 | ||
| 170 | if (!pval) | 174 | if (!pval) |
| 171 | return 0; | 175 | return 0; |
| @@ -447,7 +451,8 @@ ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, | |||
| 447 | auxerr: | 451 | auxerr: |
| 448 | ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_AUX_ERROR); | 452 | ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_AUX_ERROR); |
| 449 | err: | 453 | err: |
| 450 | ASN1_item_ex_free(pval, it); | 454 | if (combine == 0) |
| 455 | ASN1_item_ex_free(pval, it); | ||
| 451 | if (errtt) | 456 | if (errtt) |
| 452 | ERR_asprintf_error_data("Field=%s, Type=%s", errtt->field_name, | 457 | ERR_asprintf_error_data("Field=%s, Type=%s", errtt->field_name, |
| 453 | it->sname); | 458 | it->sname); |
| @@ -642,7 +647,7 @@ asn1_template_noexp_d2i(ASN1_VALUE **val, const unsigned char **in, long len, | |||
| 642 | } else { | 647 | } else { |
| 643 | /* Nothing special */ | 648 | /* Nothing special */ |
| 644 | ret = ASN1_item_ex_d2i(val, &p, len, ASN1_ITEM_ptr(tt->item), | 649 | ret = ASN1_item_ex_d2i(val, &p, len, ASN1_ITEM_ptr(tt->item), |
| 645 | -1, 0, opt, ctx); | 650 | -1, tt->flags & ASN1_TFLG_COMBINE, opt, ctx); |
| 646 | if (!ret) { | 651 | if (!ret) { |
| 647 | ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I, | 652 | ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I, |
| 648 | ERR_R_NESTED_ASN1_ERROR); | 653 | ERR_R_NESTED_ASN1_ERROR); |
diff --git a/src/lib/libssl/src/crypto/asn1/tasn_dec.c b/src/lib/libssl/src/crypto/asn1/tasn_dec.c index f08514dc83..dd350070f7 100644 --- a/src/lib/libssl/src/crypto/asn1/tasn_dec.c +++ b/src/lib/libssl/src/crypto/asn1/tasn_dec.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: tasn_dec.c,v 1.27 2015/07/20 15:41:48 miod Exp $ */ | 1 | /* $OpenBSD: tasn_dec.c,v 1.28 2015/12/04 04:19:25 beck Exp $ */ |
| 2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL | 2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL |
| 3 | * project 2000. | 3 | * project 2000. |
| 4 | */ | 4 | */ |
| @@ -166,6 +166,10 @@ ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, | |||
| 166 | int otag; | 166 | int otag; |
| 167 | int ret = 0; | 167 | int ret = 0; |
| 168 | ASN1_VALUE **pchptr; | 168 | ASN1_VALUE **pchptr; |
| 169 | int combine; | ||
| 170 | |||
| 171 | combine = aclass & ASN1_TFLG_COMBINE; | ||
| 172 | aclass &= ~ASN1_TFLG_COMBINE; | ||
| 169 | 173 | ||
| 170 | if (!pval) | 174 | if (!pval) |
| 171 | return 0; | 175 | return 0; |
| @@ -447,7 +451,8 @@ ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, | |||
| 447 | auxerr: | 451 | auxerr: |
| 448 | ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_AUX_ERROR); | 452 | ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_AUX_ERROR); |
| 449 | err: | 453 | err: |
| 450 | ASN1_item_ex_free(pval, it); | 454 | if (combine == 0) |
| 455 | ASN1_item_ex_free(pval, it); | ||
| 451 | if (errtt) | 456 | if (errtt) |
| 452 | ERR_asprintf_error_data("Field=%s, Type=%s", errtt->field_name, | 457 | ERR_asprintf_error_data("Field=%s, Type=%s", errtt->field_name, |
| 453 | it->sname); | 458 | it->sname); |
| @@ -642,7 +647,7 @@ asn1_template_noexp_d2i(ASN1_VALUE **val, const unsigned char **in, long len, | |||
| 642 | } else { | 647 | } else { |
| 643 | /* Nothing special */ | 648 | /* Nothing special */ |
| 644 | ret = ASN1_item_ex_d2i(val, &p, len, ASN1_ITEM_ptr(tt->item), | 649 | ret = ASN1_item_ex_d2i(val, &p, len, ASN1_ITEM_ptr(tt->item), |
| 645 | -1, 0, opt, ctx); | 650 | -1, tt->flags & ASN1_TFLG_COMBINE, opt, ctx); |
| 646 | if (!ret) { | 651 | if (!ret) { |
| 647 | ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I, | 652 | ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I, |
| 648 | ERR_R_NESTED_ASN1_ERROR); | 653 | ERR_R_NESTED_ASN1_ERROR); |