1 files changed, 19 insertions, 14 deletions
diff --git a/src/lib/libcrypto/x509v3/v3_addr.c b/src/lib/libcrypto/x509v3/v3_addr.c
index a37f844d3c..efdf7c3ba7 100644
--- a/src/lib/libcrypto/x509v3/v3_addr.c
+++ b/src/lib/libcrypto/x509v3/v3_addr.c
@@ -61,7 +61,7 @@
 #include <stdio.h>
 #include <stdlib.h>
-#include <assert.h>
 #include "cryptlib.h"
 #include <openssl/conf.h>
 #include <openssl/asn1.h>
@@ -128,7 +128,7 @@ static int length_from_afi(const unsigned afi)
 /*
 * Extract the AFI from an IPAddressFamily.
 */
-unsigned v3_addr_get_afi(const IPAddressFamily *f)
+unsigned int v3_addr_get_afi(const IPAddressFamily *f)
 {
  return ((f != NULL &&
           f->addressFamily != NULL &&
@@ -147,7 +147,7 @@ static void addr_expand(unsigned char *addr,
                        const int length,
                        const unsigned char fill)
 {
-  assert(bs->length >= 0 && bs->length <= length);
+  OPENSSL_assert(bs->length >= 0 && bs->length <= length);
  if (bs->length > 0) {
    memcpy(addr, bs->data, bs->length);
    if ((bs->flags & 7) != 0) {
@@ -190,6 +190,8 @@ static int i2r_address(BIO *out,
      BIO_printf(out, "%x%s", (addr[i] << 8) | addr[i+1], (i < 14 ? ":" : ""));
    if (i < 16)
      BIO_puts(out, ":");
+    if (i == 0)
+      BIO_puts(out, ":");
    break;
  default:
    for (i = 0; i < bs->length; i++)
@@ -243,7 +245,7 @@ static int i2r_IPAddrBlocks(X509V3_EXT_METHOD *method,
  int i;
  for (i = 0; i < sk_IPAddressFamily_num(addr); i++) {
    IPAddressFamily *f = sk_IPAddressFamily_value(addr, i);
-    const unsigned afi = v3_addr_get_afi(f);
+    const unsigned int afi = v3_addr_get_afi(f);
    switch (afi) {
    case IANA_AFI_IPV4:
      BIO_printf(out, "%*sIPv4", indent, "");
@@ -453,7 +455,7 @@ static int make_addressRange(IPAddressOrRange **result,
  if ((aor = IPAddressOrRange_new()) == NULL)
    return 0;
  aor->type = IPAddressOrRange_addressRange;
-  assert(aor->u.addressRange == NULL);
+  OPENSSL_assert(aor->u.addressRange == NULL);
  if ((aor->u.addressRange = IPAddressRange_new()) == NULL)
    goto err;
  if (aor->u.addressRange->min == NULL &&
@@ -522,7 +524,7 @@ static IPAddressFamily *make_IPAddressFamily(IPAddrBlocks *addr,
  for (i = 0; i < sk_IPAddressFamily_num(addr); i++) {
    f = sk_IPAddressFamily_value(addr, i);
-    assert(f->addressFamily->data != NULL);
+    OPENSSL_assert(f->addressFamily->data != NULL);
    if (f->addressFamily->length == keylen &&
        !memcmp(f->addressFamily->data, key, keylen))
      return f;
@@ -654,7 +656,7 @@ static void extract_min_max(IPAddressOrRange *aor,
                            unsigned char *max,
                            int length)
 {
-  assert(aor != NULL && min != NULL && max != NULL);
+  OPENSSL_assert(aor != NULL && min != NULL && max != NULL);
  switch (aor->type) {
  case IPAddressOrRange_addressPrefix:
    addr_expand(min, aor->u.addressPrefix, length, 0x00);
@@ -880,7 +882,7 @@ int v3_addr_canonize(IPAddrBlocks *addr)
  }
  (void)sk_IPAddressFamily_set_cmp_func(addr, IPAddressFamily_cmp);
  sk_IPAddressFamily_sort(addr);
-  assert(v3_addr_is_canonical(addr));
+  OPENSSL_assert(v3_addr_is_canonical(addr));
  return 1;
 }
@@ -1127,7 +1129,10 @@ int v3_addr_subset(IPAddrBlocks *a, IPAddrBlocks *b)
  for (i = 0; i < sk_IPAddressFamily_num(a); i++) {
    IPAddressFamily *fa = sk_IPAddressFamily_value(a, i);
    int j = sk_IPAddressFamily_find(b, fa);
-    IPAddressFamily *fb = sk_IPAddressFamily_value(b, j);
+    IPAddressFamily *fb;
+    fb = sk_IPAddressFamily_value(b, j);
+    if (fb == NULL)
+       return 0;
    if (!addr_contains(fb->ipAddressChoice->u.addressesOrRanges, 
                       fa->ipAddressChoice->u.addressesOrRanges,
                       length_from_afi(v3_addr_get_afi(fb))))
@@ -1164,9 +1169,9 @@ static int v3_addr_validate_path_internal(X509_STORE_CTX *ctx,
  int i, j, ret = 1;
  X509 *x = NULL;
-  assert(chain != NULL && sk_X509_num(chain) > 0);
+  OPENSSL_assert(chain != NULL && sk_X509_num(chain) > 0);
-  assert(ctx != NULL || ext != NULL);
+  OPENSSL_assert(ctx != NULL || ext != NULL);
-  assert(ctx == NULL || ctx->verify_cb != NULL);
+  OPENSSL_assert(ctx == NULL || ctx->verify_cb != NULL);
  /*
   * Figure out where to start.  If we don't have an extension to
@@ -1178,7 +1183,7 @@ static int v3_addr_validate_path_internal(X509_STORE_CTX *ctx,
  } else {
    i = 0;
    x = sk_X509_value(chain, i);
-    assert(x != NULL);
+    OPENSSL_assert(x != NULL);
    if ((ext = x->rfc3779_addr) == NULL)
      goto done;
  }
@@ -1197,7 +1202,7 @@ static int v3_addr_validate_path_internal(X509_STORE_CTX *ctx,
   */
  for (i++; i < sk_X509_num(chain); i++) {
    x = sk_X509_value(chain, i);
-    assert(x != NULL);
+    OPENSSL_assert(x != NULL);
    if (!v3_addr_is_canonical(x->rfc3779_addr))
      validation_err(X509_V_ERR_INVALID_EXTENSION);
    if (x->rfc3779_addr == NULL) {

diff --git a/src/lib/libcrypto/x509v3/v3_addr.c b/src/lib/libcrypto/x509v3/v3_addr.c index a37f844d3c..efdf7c3ba7 100644 --- a/src/lib/libcrypto/x509v3/v3_addr.c +++ b/src/lib/libcrypto/x509v3/v3_addr.c
@@ -61,7 +61,7 @@
61		61
62	#include <stdio.h>	62	#include <stdio.h>
63	#include <stdlib.h>	63	#include <stdlib.h>
64	#include <assert.h>	64
65	#include "cryptlib.h"	65	#include "cryptlib.h"
66	#include <openssl/conf.h>	66	#include <openssl/conf.h>
67	#include <openssl/asn1.h>	67	#include <openssl/asn1.h>
@@ -128,7 +128,7 @@ static int length_from_afi(const unsigned afi)
128	/*	128	/*
129	* Extract the AFI from an IPAddressFamily.	129	* Extract the AFI from an IPAddressFamily.
130	*/	130	*/
131	unsigned v3_addr_get_afi(const IPAddressFamily *f)	131	unsigned int v3_addr_get_afi(const IPAddressFamily *f)
132	{	132	{
133	return ((f != NULL &&	133	return ((f != NULL &&
134	f->addressFamily != NULL &&	134	f->addressFamily != NULL &&
@@ -147,7 +147,7 @@ static void addr_expand(unsigned char *addr,
147	const int length,	147	const int length,
148	const unsigned char fill)	148	const unsigned char fill)
149	{	149	{
150	assert(bs->length >= 0 && bs->length <= length);	150	OPENSSL_assert(bs->length >= 0 && bs->length <= length);
151	if (bs->length > 0) {	151	if (bs->length > 0) {
152	memcpy(addr, bs->data, bs->length);	152	memcpy(addr, bs->data, bs->length);
153	if ((bs->flags & 7) != 0) {	153	if ((bs->flags & 7) != 0) {
@@ -190,6 +190,8 @@ static int i2r_address(BIO *out,
190	BIO_printf(out, "%x%s", (addr[i] << 8) \| addr[i+1], (i < 14 ? ":" : ""));	190	BIO_printf(out, "%x%s", (addr[i] << 8) \| addr[i+1], (i < 14 ? ":" : ""));
191	if (i < 16)	191	if (i < 16)
192	BIO_puts(out, ":");	192	BIO_puts(out, ":");
		193	if (i == 0)
		194	BIO_puts(out, ":");
193	break;	195	break;
194	default:	196	default:
195	for (i = 0; i < bs->length; i++)	197	for (i = 0; i < bs->length; i++)
@@ -243,7 +245,7 @@ static int i2r_IPAddrBlocks(X509V3_EXT_METHOD *method,
243	int i;	245	int i;
244	for (i = 0; i < sk_IPAddressFamily_num(addr); i++) {	246	for (i = 0; i < sk_IPAddressFamily_num(addr); i++) {
245	IPAddressFamily *f = sk_IPAddressFamily_value(addr, i);	247	IPAddressFamily *f = sk_IPAddressFamily_value(addr, i);
246	const unsigned afi = v3_addr_get_afi(f);	248	const unsigned int afi = v3_addr_get_afi(f);
247	switch (afi) {	249	switch (afi) {
248	case IANA_AFI_IPV4:	250	case IANA_AFI_IPV4:
249	BIO_printf(out, "%*sIPv4", indent, "");	251	BIO_printf(out, "%*sIPv4", indent, "");
@@ -453,7 +455,7 @@ static int make_addressRange(IPAddressOrRange **result,
453	if ((aor = IPAddressOrRange_new()) == NULL)	455	if ((aor = IPAddressOrRange_new()) == NULL)
454	return 0;	456	return 0;
455	aor->type = IPAddressOrRange_addressRange;	457	aor->type = IPAddressOrRange_addressRange;
456	assert(aor->u.addressRange == NULL);	458	OPENSSL_assert(aor->u.addressRange == NULL);
457	if ((aor->u.addressRange = IPAddressRange_new()) == NULL)	459	if ((aor->u.addressRange = IPAddressRange_new()) == NULL)
458	goto err;	460	goto err;
459	if (aor->u.addressRange->min == NULL &&	461	if (aor->u.addressRange->min == NULL &&
@@ -522,7 +524,7 @@ static IPAddressFamily make_IPAddressFamily(IPAddrBlocks addr,
522		524
523	for (i = 0; i < sk_IPAddressFamily_num(addr); i++) {	525	for (i = 0; i < sk_IPAddressFamily_num(addr); i++) {
524	f = sk_IPAddressFamily_value(addr, i);	526	f = sk_IPAddressFamily_value(addr, i);
525	assert(f->addressFamily->data != NULL);	527	OPENSSL_assert(f->addressFamily->data != NULL);
526	if (f->addressFamily->length == keylen &&	528	if (f->addressFamily->length == keylen &&
527	!memcmp(f->addressFamily->data, key, keylen))	529	!memcmp(f->addressFamily->data, key, keylen))
528	return f;	530	return f;
@@ -654,7 +656,7 @@ static void extract_min_max(IPAddressOrRange *aor,
654	unsigned char *max,	656	unsigned char *max,
655	int length)	657	int length)
656	{	658	{
657	assert(aor != NULL && min != NULL && max != NULL);	659	OPENSSL_assert(aor != NULL && min != NULL && max != NULL);
658	switch (aor->type) {	660	switch (aor->type) {
659	case IPAddressOrRange_addressPrefix:	661	case IPAddressOrRange_addressPrefix:
660	addr_expand(min, aor->u.addressPrefix, length, 0x00);	662	addr_expand(min, aor->u.addressPrefix, length, 0x00);
@@ -880,7 +882,7 @@ int v3_addr_canonize(IPAddrBlocks *addr)
880	}	882	}
881	(void)sk_IPAddressFamily_set_cmp_func(addr, IPAddressFamily_cmp);	883	(void)sk_IPAddressFamily_set_cmp_func(addr, IPAddressFamily_cmp);
882	sk_IPAddressFamily_sort(addr);	884	sk_IPAddressFamily_sort(addr);
883	assert(v3_addr_is_canonical(addr));	885	OPENSSL_assert(v3_addr_is_canonical(addr));
884	return 1;	886	return 1;
885	}	887	}
886		888
@@ -1127,7 +1129,10 @@ int v3_addr_subset(IPAddrBlocks a, IPAddrBlocks b)
1127	for (i = 0; i < sk_IPAddressFamily_num(a); i++) {	1129	for (i = 0; i < sk_IPAddressFamily_num(a); i++) {
1128	IPAddressFamily *fa = sk_IPAddressFamily_value(a, i);	1130	IPAddressFamily *fa = sk_IPAddressFamily_value(a, i);
1129	int j = sk_IPAddressFamily_find(b, fa);	1131	int j = sk_IPAddressFamily_find(b, fa);
1130	IPAddressFamily *fb = sk_IPAddressFamily_value(b, j);	1132	IPAddressFamily *fb;
		1133	fb = sk_IPAddressFamily_value(b, j);
		1134	if (fb == NULL)
		1135	return 0;
1131	if (!addr_contains(fb->ipAddressChoice->u.addressesOrRanges,	1136	if (!addr_contains(fb->ipAddressChoice->u.addressesOrRanges,
1132	fa->ipAddressChoice->u.addressesOrRanges,	1137	fa->ipAddressChoice->u.addressesOrRanges,
1133	length_from_afi(v3_addr_get_afi(fb))))	1138	length_from_afi(v3_addr_get_afi(fb))))
@@ -1164,9 +1169,9 @@ static int v3_addr_validate_path_internal(X509_STORE_CTX *ctx,
1164	int i, j, ret = 1;	1169	int i, j, ret = 1;
1165	X509 *x = NULL;	1170	X509 *x = NULL;
1166		1171
1167	assert(chain != NULL && sk_X509_num(chain) > 0);	1172	OPENSSL_assert(chain != NULL && sk_X509_num(chain) > 0);
1168	assert(ctx != NULL \|\| ext != NULL);	1173	OPENSSL_assert(ctx != NULL \|\| ext != NULL);
1169	assert(ctx == NULL \|\| ctx->verify_cb != NULL);	1174	OPENSSL_assert(ctx == NULL \|\| ctx->verify_cb != NULL);
1170		1175
1171	/*	1176	/*
1172	* Figure out where to start. If we don't have an extension to	1177	* Figure out where to start. If we don't have an extension to
@@ -1178,7 +1183,7 @@ static int v3_addr_validate_path_internal(X509_STORE_CTX *ctx,
1178	} else {	1183	} else {
1179	i = 0;	1184	i = 0;
1180	x = sk_X509_value(chain, i);	1185	x = sk_X509_value(chain, i);
1181	assert(x != NULL);	1186	OPENSSL_assert(x != NULL);
1182	if ((ext = x->rfc3779_addr) == NULL)	1187	if ((ext = x->rfc3779_addr) == NULL)
1183	goto done;	1188	goto done;
1184	}	1189	}
@@ -1197,7 +1202,7 @@ static int v3_addr_validate_path_internal(X509_STORE_CTX *ctx,
1197	*/	1202	*/
1198	for (i++; i < sk_X509_num(chain); i++) {	1203	for (i++; i < sk_X509_num(chain); i++) {
1199	x = sk_X509_value(chain, i);	1204	x = sk_X509_value(chain, i);
1200	assert(x != NULL);	1205	OPENSSL_assert(x != NULL);
1201	if (!v3_addr_is_canonical(x->rfc3779_addr))	1206	if (!v3_addr_is_canonical(x->rfc3779_addr))
1202	validation_err(X509_V_ERR_INVALID_EXTENSION);	1207	validation_err(X509_V_ERR_INVALID_EXTENSION);
1203	if (x->rfc3779_addr == NULL) {	1208	if (x->rfc3779_addr == NULL) {