Diffstat (limited to 'src/lib')
-rw-r--r-- | src/lib/libcrypto/asn1/asn1_lib.c | 2 | ||||
-rw-r--r-- | src/lib/libcrypto/asn1/tasn_dec.c | 9 | ||||
-rw-r--r-- | src/lib/libcrypto/x509/x509_vfy.c | 2 | ||||
-rw-r--r-- | src/lib/libssl/src/crypto/asn1/asn1_lib.c | 2 | ||||
-rw-r--r-- | src/lib/libssl/src/crypto/asn1/tasn_dec.c | 9 | ||||
-rw-r--r-- | src/lib/libssl/src/crypto/x509/x509_vfy.c | 2 |
6 files changed, 22 insertions, 4 deletions
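--- a/src/lib/libcrypto/asn1/asn1_lib.c
+++ b/src/lib/libcrypto/asn1/asn1_lib.c
@@ -104,10 +104,12 @@ int ASN1_get_object(unsigned char **pp, long *plength, int *ptag, int *pclass,
 l<<=7L;
 l|= *(p++)&0x7f;
 if (--max == 0) goto err;
+if (l > (INT_MAX >> 7L)) goto err;
 }
 l<<=7L;
 l|= *(p++)&0x7f;
 tag=(int)l;
+if (--max == 0) goto err;
 }
 else
 {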
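Review bot: The added bound `if (l > (INT_MAX >> 7L)) goto err;` carries no comment saying what it protects, and it relies on `INT_MAX` although the diffstat shows only these two lines changing in the file, so confirm that `<limits.h>` is already included. I would put `/* the next 7-bit shift must still fit in the int tag */` above the check, since the value is narrowed by `tag=(int)l;` right after the loop. The second added `if (--max == 0) goto err;` deserves a short note too, e.g. `/* more input must follow the tag */`, if that is the intent; the rest of ASN1_get_object lies outside the hunk. The same change is repeated in src/lib/libssl/src/crypto/asn1/asn1_lib.c.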
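--- a/src/lib/libcrypto/asn1/tasn_dec.c
+++ b/src/lib/libcrypto/asn1/tasn_dec.c
@@ -691,6 +691,7 @@ static int asn1_d2i_ex_primitive(ASN1_VALUE **pval, unsigned char **in, long inl
 
 int asn1_ex_c2i(ASN1_VALUE **pval, unsigned char *cont, int len, int utype, char *free_cont, const ASN1_ITEM *it)
 {
+ASN1_VALUE **opval = NULL;
 ASN1_STRING *stmp;
 ASN1_TYPE *typ = NULL;
 int ret = 0;
@@ -705,6 +706,7 @@ int asn1_ex_c2i(ASN1_VALUE **pval, unsigned char *cont, int len, int utype, char
 *pval = (ASN1_VALUE *)typ;
 } else typ = (ASN1_TYPE *)*pval;
 if(utype != typ->type) ASN1_TYPE_set(typ, utype, NULL);
+opval = pval;
 pval = (ASN1_VALUE **)&typ->value.ptr;
 }
 switch(utype) {
@@ -796,7 +798,12 @@ int asn1_ex_c2i(ASN1_VALUE **pval, unsigned char *cont, int len, int utype, char
 
 ret = 1;
 err:
-if(!ret) ASN1_TYPE_free(typ);
+if(!ret)
+{
+ASN1_TYPE_free(typ);
+if (opval)
+*opval = NULL;
+}
 return ret;
 }
 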
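Review bot: The error path at `err:` now frees `typ` and clears `*opval`, but nothing documents that asn1_ex_c2i may destroy an object the caller supplied: on the `else typ = (ASN1_TYPE *)*pval;` path the ASN1_TYPE came in through `pval`, and on failure it is freed and the caller's pointer set to NULL. A comment at the new block such as `/* typ is freed on failure; clear the caller's pointer so it cannot be freed or used again */` would make the ownership rule explicit. Callers that hold a second copy of that pointer would still see a stale value, so they are worth checking; they are outside this diff, as is the body of the `switch` between the second and third hunks. The identical change appears in src/lib/libssl/src/crypto/asn1/tasn_dec.c.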
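--- a/src/lib/libcrypto/x509/x509_vfy.c
+++ b/src/lib/libcrypto/x509/x509_vfy.c
@@ -674,7 +674,7 @@ static int internal_verify(X509_STORE_CTX *ctx)
 ok=(*cb)(0,ctx);
 if (!ok) goto end;
 }
-if (X509_verify(xs,pkey) <= 0)
+else if (X509_verify(xs,pkey) <= 0)
 /* XXX For the final trusted self-signed cert,
 * this is a waste of time. That check should
 * optional so that e.g. 'openssl x509' can be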
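Review bot: With the new `else`, `X509_verify(xs,pkey)` is skipped whenever the preceding branch runs and the callback returns non-zero, so a verify callback that overrides that error lets the certificate continue without a signature check. The condition of that branch is above the hunk; presumably it is the case where no public key could be obtained, in which case skipping the call avoids handing an unusable `pkey` to X509_verify. Say so in a comment before the `else if`, e.g. `/* no usable pkey: the signature check is skipped if the callback overrides the error */`, so applications know what an always-accept callback implies. The same change is made in src/lib/libssl/src/crypto/x509/x509_vfy.c.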
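--- a/src/lib/libssl/src/crypto/asn1/asn1_lib.c
+++ b/src/lib/libssl/src/crypto/asn1/asn1_lib.c
@@ -104,10 +104,12 @@ int ASN1_get_object(unsigned char **pp, long *plength, int *ptag, int *pclass,
 l<<=7L;
 l|= *(p++)&0x7f;
 if (--max == 0) goto err;
+if (l > (INT_MAX >> 7L)) goto err;
 }
 l<<=7L;
 l|= *(p++)&0x7f;
 tag=(int)l;
+if (--max == 0) goto err;
 }
 else
 {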
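--- a/src/lib/libssl/src/crypto/asn1/tasn_dec.c
+++ b/src/lib/libssl/src/crypto/asn1/tasn_dec.c
@@ -691,6 +691,7 @@ static int asn1_d2i_ex_primitive(ASN1_VALUE **pval, unsigned char **in, long inl
 
 int asn1_ex_c2i(ASN1_VALUE **pval, unsigned char *cont, int len, int utype, char *free_cont, const ASN1_ITEM *it)
 {
+ASN1_VALUE **opval = NULL;
 ASN1_STRING *stmp;
 ASN1_TYPE *typ = NULL;
 int ret = 0;
@@ -705,6 +706,7 @@ int asn1_ex_c2i(ASN1_VALUE **pval, unsigned char *cont, int len, int utype, char
 *pval = (ASN1_VALUE *)typ;
 } else typ = (ASN1_TYPE *)*pval;
 if(utype != typ->type) ASN1_TYPE_set(typ, utype, NULL);
+opval = pval;
 pval = (ASN1_VALUE **)&typ->value.ptr;
 }
 switch(utype) {
@@ -796,7 +798,12 @@ int asn1_ex_c2i(ASN1_VALUE **pval, unsigned char *cont, int len, int utype, char
 
 ret = 1;
 err:
-if(!ret) ASN1_TYPE_free(typ);
+if(!ret)
+{
+ASN1_TYPE_free(typ);
+if (opval)
+*opval = NULL;
+}
 return ret;
 }
 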
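--- a/src/lib/libssl/src/crypto/x509/x509_vfy.c
+++ b/src/lib/libssl/src/crypto/x509/x509_vfy.c
@@ -674,7 +674,7 @@ static int internal_verify(X509_STORE_CTX *ctx)
 ok=(*cb)(0,ctx);
 if (!ok) goto end;
 }
-if (X509_verify(xs,pkey) <= 0)
+else if (X509_verify(xs,pkey) <= 0)
 /* XXX For the final trusted self-signed cert,
 * this is a waste of time. That check should
 * optional so that e.g. 'openssl x509' can be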