1 files changed, 47 insertions, 3 deletions
diff --git a/src/lib/libcrypto/x509/x509_alt.c b/src/lib/libcrypto/x509/x509_alt.c
index 891c7dd787..a7c1a8c6a1 100644
--- a/src/lib/libcrypto/x509/x509_alt.c
+++ b/src/lib/libcrypto/x509/x509_alt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_alt.c,v 1.4 2021/10/27 10:22:08 beck Exp $ */
+/* $OpenBSD: x509_alt.c,v 1.5 2021/10/28 10:58:23 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project.
 */
@@ -63,6 +63,8 @@
 #include <openssl/err.h>
 #include <openssl/x509v3.h>
+#include "x509_internal.h"
 static GENERAL_NAMES *v2i_subject_alt(X509V3_EXT_METHOD *method,
    X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
 static GENERAL_NAMES *v2i_issuer_alt(X509V3_EXT_METHOD *method,
@@ -612,8 +614,11 @@ GENERAL_NAME *
 v2i_GENERAL_NAME_ex(GENERAL_NAME *out, const X509V3_EXT_METHOD *method,
    X509V3_CTX *ctx, CONF_VALUE *cnf, int is_nc)
 {
-        int type;
+        uint8_t *bytes = NULL;
        char *name, *value;
+        GENERAL_NAME *ret;
+        size_t len = 0;
+        int type;
        name = cnf->name;
        value = cnf->value;
@@ -643,7 +648,46 @@ v2i_GENERAL_NAME_ex(GENERAL_NAME *out, const X509V3_EXT_METHOD *method,
                return NULL;
        }
-        return a2i_GENERAL_NAME(out, method, ctx, type, value, is_nc);
+        ret = a2i_GENERAL_NAME(out, method, ctx, type, value, is_nc);
+        /* Validate what we have for sanity */
+        type = x509_constraints_general_to_bytes(ret, &bytes, &len);
+        switch(type) {
+        case GEN_DNS:
+                if (!x509_constraints_valid_sandns(bytes, len)) {
+                        X509V3error(X509V3_R_BAD_OBJECT);
+                        ERR_asprintf_error_data("name=%s value='%s'", name, bytes);
+                        goto err;
+                }
+                break;
+        case GEN_URI:
+                if (!x509_constraints_uri_host(bytes, len, NULL)) {
+                        X509V3error(X509V3_R_BAD_OBJECT);
+                        ERR_asprintf_error_data("name=%s value='%s'", name, bytes);
+                        goto err;
+                }
+                break;
+        case GEN_EMAIL:
+                if (!x509_constraints_parse_mailbox(bytes, len, NULL)) {
+                        X509V3error(X509V3_R_BAD_OBJECT);
+                        ERR_asprintf_error_data("name=%s value='%s'", name, bytes);
+                        goto err;
+                }
+                break;
+        case GEN_IPADD:
+                if (len != 4 && len != 16) {
+                        X509V3error(X509V3_R_BAD_IP_ADDRESS);
+                        ERR_asprintf_error_data("name=%s len=%zu", name, len);
+                        goto err;
+                }
+                break;
+        default:
+                break;
+        }
+        return ret;
+ err:
+        GENERAL_NAME_free(ret);
+        return NULL;
 }
 static int

diff --git a/src/lib/libcrypto/x509/x509_alt.c b/src/lib/libcrypto/x509/x509_alt.c index 891c7dd787..a7c1a8c6a1 100644 --- a/src/lib/libcrypto/x509/x509_alt.c +++ b/src/lib/libcrypto/x509/x509_alt.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: x509_alt.c,v 1.4 2021/10/27 10:22:08 beck Exp $ */	1	/* $OpenBSD: x509_alt.c,v 1.5 2021/10/28 10:58:23 tb Exp $ */
2	/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL	2	/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3	* project.	3	* project.
4	*/	4	*/
@@ -63,6 +63,8 @@
63	#include <openssl/err.h>	63	#include <openssl/err.h>
64	#include <openssl/x509v3.h>	64	#include <openssl/x509v3.h>
65		65
		66	#include "x509_internal.h"
		67
66	static GENERAL_NAMES v2i_subject_alt(X509V3_EXT_METHOD method,	68	static GENERAL_NAMES v2i_subject_alt(X509V3_EXT_METHOD method,
67	X509V3_CTX ctx, STACK_OF(CONF_VALUE) nval);	69	X509V3_CTX ctx, STACK_OF(CONF_VALUE) nval);
68	static GENERAL_NAMES v2i_issuer_alt(X509V3_EXT_METHOD method,	70	static GENERAL_NAMES v2i_issuer_alt(X509V3_EXT_METHOD method,
@@ -612,8 +614,11 @@ GENERAL_NAME *
612	v2i_GENERAL_NAME_ex(GENERAL_NAME out, const X509V3_EXT_METHOD method,	614	v2i_GENERAL_NAME_ex(GENERAL_NAME out, const X509V3_EXT_METHOD method,
613	X509V3_CTX ctx, CONF_VALUE cnf, int is_nc)	615	X509V3_CTX ctx, CONF_VALUE cnf, int is_nc)
614	{	616	{
615	int type;	617	uint8_t *bytes = NULL;
616	char name, value;	618	char name, value;
		619	GENERAL_NAME *ret;
		620	size_t len = 0;
		621	int type;
617		622
618	name = cnf->name;	623	name = cnf->name;
619	value = cnf->value;	624	value = cnf->value;
@@ -643,7 +648,46 @@ v2i_GENERAL_NAME_ex(GENERAL_NAME out, const X509V3_EXT_METHOD method,
643	return NULL;	648	return NULL;
644	}	649	}
645		650
646	return a2i_GENERAL_NAME(out, method, ctx, type, value, is_nc);	651	ret = a2i_GENERAL_NAME(out, method, ctx, type, value, is_nc);
		652
		653	/* Validate what we have for sanity */
		654	type = x509_constraints_general_to_bytes(ret, &bytes, &len);
		655	switch(type) {
		656	case GEN_DNS:
		657	if (!x509_constraints_valid_sandns(bytes, len)) {
		658	X509V3error(X509V3_R_BAD_OBJECT);
		659	ERR_asprintf_error_data("name=%s value='%s'", name, bytes);
		660	goto err;
		661	}
		662	break;
		663	case GEN_URI:
		664	if (!x509_constraints_uri_host(bytes, len, NULL)) {
		665	X509V3error(X509V3_R_BAD_OBJECT);
		666	ERR_asprintf_error_data("name=%s value='%s'", name, bytes);
		667	goto err;
		668	}
		669	break;
		670	case GEN_EMAIL:
		671	if (!x509_constraints_parse_mailbox(bytes, len, NULL)) {
		672	X509V3error(X509V3_R_BAD_OBJECT);
		673	ERR_asprintf_error_data("name=%s value='%s'", name, bytes);
		674	goto err;
		675	}
		676	break;
		677	case GEN_IPADD:
		678	if (len != 4 && len != 16) {
		679	X509V3error(X509V3_R_BAD_IP_ADDRESS);
		680	ERR_asprintf_error_data("name=%s len=%zu", name, len);
		681	goto err;
		682	}
		683	break;
		684	default:
		685	break;
		686	}
		687	return ret;
		688	err:
		689	GENERAL_NAME_free(ret);
		690	return NULL;
647	}	691	}
648		692
649	static int	693	static int