From 5e5345d98de4daff42970efd7f3fab2802710b20 Mon Sep 17 00:00:00 2001
From: miod <>
Date: Wed, 15 Jul 2015 16:45:24 +0000
Subject: Do not allow TS_check_signer_name() with signer == NULL from
 int_TS_RESP_verify_token(). Coverity CID 21710.

Looking further, int_TS_RESP_verify_token() will only initialize signer to
something non-NULL if TS_VFY_SIGNATURE is set in ctx->flags. But guess what?
TS_REQ_to_TS_VERIFY_CTX() in ts/ts_verify_ctx.c, which is the TS_VERIFY_CTX
constructor, explicitly clears this bit, with:
        ret->flags = TS_VFY_ALL_IMPRINT & ~(TS_VFY_TSA_NAME | TS_VFY_SIGNATURE);
followed by more conditional flag clears.

Of course, nothing prevents the user from fiddling with ctx->flags afterwards.
This is exactly what ts.c in usr.bin/openssl does. This is gross, mistakes will
happen.

ok beck@
---
 src/lib/libcrypto/ts/ts_rsp_verify.c         | 5 ++++-
 src/lib/libssl/src/crypto/ts/ts_rsp_verify.c | 5 ++++-
 2 files changed, 8 insertions(+), 2 deletions(-)


diff --git a/src/lib/libcrypto/ts/ts_rsp_verify.c b/src/lib/libcrypto/ts/ts_rsp_verify.c
index 25fc22dfaf..56397eeec3 100644
--- a/src/lib/libcrypto/ts/ts_rsp_verify.c
+++ b/src/lib/libcrypto/ts/ts_rsp_verify.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ts_rsp_verify.c,v 1.12 2014/07/11 08:44:49 jsing Exp $ */
+/* $OpenBSD: ts_rsp_verify.c,v 1.13 2015/07/15 16:45:24 miod Exp $ */
 /* Written by Zoltan Glozik (zglozik@stones.com) for the OpenSSL
  * project 2002.
  */
@@ -698,6 +698,9 @@ TS_check_signer_name(GENERAL_NAME *tsa_name, X509 *signer)
 	int idx = -1;
 	int found = 0;
 
+	if (signer == NULL)
+		return 0;
+
 	/* Check the subject name first. */
 	if (tsa_name->type == GEN_DIRNAME &&
 	    X509_name_cmp(tsa_name->d.dirn, signer->cert_info->subject) == 0)
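Review bot: The new guard covers `signer` only, while `tsa_name` is still dereferenced unchecked in the next statement, `tsa_name->type == GEN_DIRNAME`. RFC 3161 makes the TSTInfo `tsa` field optional, so if the caller passes that field straight through (the caller is not visible in this hunk), a response without a TSA name would presumably hit the same kind of NULL dereference when TS_VFY_TSA_NAME is set. Consider widening the test to `if (tsa_name == NULL || signer == NULL)` with the same `return 0;`, and adding a short comment such as `/* signer is only set when TS_VFY_SIGNATURE is in ctx->flags */` so the reason for the check stays with the code. The function body starts and ends outside the hunk, and the identical hunk in src/lib/libssl/src/crypto/ts/ts_rsp_verify.c would need the same change.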
diff --git a/src/lib/libssl/src/crypto/ts/ts_rsp_verify.c b/src/lib/libssl/src/crypto/ts/ts_rsp_verify.c
index 25fc22dfaf..56397eeec3 100644
--- a/src/lib/libssl/src/crypto/ts/ts_rsp_verify.c
+++ b/src/lib/libssl/src/crypto/ts/ts_rsp_verify.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ts_rsp_verify.c,v 1.12 2014/07/11 08:44:49 jsing Exp $ */
+/* $OpenBSD: ts_rsp_verify.c,v 1.13 2015/07/15 16:45:24 miod Exp $ */
 /* Written by Zoltan Glozik (zglozik@stones.com) for the OpenSSL
  * project 2002.
  */
@@ -698,6 +698,9 @@ TS_check_signer_name(GENERAL_NAME *tsa_name, X509 *signer)
 	int idx = -1;
 	int found = 0;
 
+	if (signer == NULL)
+		return 0;
+
 	/* Check the subject name first. */
 	if (tsa_name->type == GEN_DIRNAME &&
 	    X509_name_cmp(tsa_name->d.dirn, signer->cert_info->subject) == 0)
-- 
cgit v1.2.3-55-g6feb