From 4d64565b055a8c6210e8b50ccc27e0c6a5473ece Mon Sep 17 00:00:00 2001
From: schwarze <>
Date: Mon, 23 Dec 2024 09:05:27 +0000
Subject: Fix the error handling in X509V3_parse_list(3); it ignored failures of the internal subroutine X509V3_add_value(), which could result in silently losing part of the input data on memory exhaustion. I independently rediscovered this bug while writing the documentation, then noticed after fixing it that Zhou Qingyang fixed it in essentially the same way in OpenSSL 3 (commit bcd5645b on Apr 11 02:05:19 2022 +0800), but it wasn't backported to the OpenSSL 1.1.1 branch. OK tb@
---
 src/lib/libcrypto/x509/x509_utl.c | 15 +++++++++------
 1 file changed, 9 insertions(+), 6 deletions(-)
(limited to 'src')
diff --git a/src/lib/libcrypto/x509/x509_utl.c b/src/lib/libcrypto/x509/x509_utl.c
index f327e9fca7..64dc1068b7 100644
--- a/src/lib/libcrypto/x509/x509_utl.c
+++ b/src/lib/libcrypto/x509/x509_utl.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_utl.c,v 1.22 2024/08/31 18:38:46 tb Exp $ */
+/* $OpenBSD: x509_utl.c,v 1.23 2024/12/23 09:05:27 schwarze Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project.
 */
@@ -391,7 +391,8 @@ X509V3_parse_list(const char *line)
 X509V3error(X509V3_R_INVALID_NULL_NAME);
 goto err;
 }
- X509V3_add_value(ntmp, NULL, &values);
+ if (!X509V3_add_value(ntmp, NULL, &values))
+ goto err;
 }
 break;
@@ -404,7 +405,8 @@ X509V3_parse_list(const char *line)
 X509V3error(X509V3_R_INVALID_NULL_VALUE);
 goto err;
 }
- X509V3_add_value(ntmp, vtmp, &values);
+ if (!X509V3_add_value(ntmp, vtmp, &values))
+ goto err;
 ntmp = NULL;
 q = p + 1;
 }
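Review bot: The three new `goto err` exits (the checks added in the hunks at -391, -404 and -418) return NULL without calling X509V3error() in X509V3_parse_list itself, unlike the neighbouring branches that first push X509V3_R_INVALID_NULL_NAME or X509V3_R_INVALID_NULL_VALUE. That is only complete if X509V3_add_value() records its own error on failure, which this diff does not show; otherwise a caller would get NULL with nothing on the error queue and could not tell memory exhaustion from a malformed list. Once that is confirmed, I would add a short comment at the first check, such as `/* X509V3_add_value() reports its own error on failure */`. The body of X509V3_parse_list starts and ends outside these hunks.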
@@ -418,14 +420,16 @@ X509V3_parse_list(const char *line)
 X509V3error(X509V3_R_INVALID_NULL_VALUE);
 goto err;
 }
- X509V3_add_value(ntmp, vtmp, &values);
+ if (!X509V3_add_value(ntmp, vtmp, &values))
+ goto err;
 } else {
 ntmp = strip_spaces(q);
 if (!ntmp) {
 X509V3error(X509V3_R_INVALID_NULL_NAME);
 goto err;
 }
- X509V3_add_value(ntmp, NULL, &values);
+ if (!X509V3_add_value(ntmp, NULL, &values))
+ goto err;
 }
 free(linebuf);
 return values;
@@ -434,7 +438,6 @@ X509V3_parse_list(const char *line)
 free(linebuf);
 sk_CONF_VALUE_pop_free(values, X509V3_conf_free);
 return NULL;
-
 }
 LCRYPTO_ALIAS(X509V3_parse_list);
-- cgit v1.2.3-55-g6feb