diff options
Diffstat (limited to 'main/openssl/crypto/asn1')
-rw-r--r-- | main/openssl/crypto/asn1/a_object.c | 30 | ||||
-rw-r--r-- | main/openssl/crypto/asn1/a_strex.c | 1 | ||||
-rw-r--r-- | main/openssl/crypto/asn1/a_utctm.c | 24 | ||||
-rw-r--r-- | main/openssl/crypto/asn1/ameth_lib.c | 7 | ||||
-rw-r--r-- | main/openssl/crypto/asn1/asn1_lib.c | 3 | ||||
-rw-r--r-- | main/openssl/crypto/asn1/asn_mime.c | 2 | ||||
-rw-r--r-- | main/openssl/crypto/asn1/asn_pack.c | 12 | ||||
-rw-r--r-- | main/openssl/crypto/asn1/bio_asn1.c | 3 | ||||
-rw-r--r-- | main/openssl/crypto/asn1/charmap.pl | 3 | ||||
-rw-r--r-- | main/openssl/crypto/asn1/evp_asn1.c | 6 | ||||
-rw-r--r-- | main/openssl/crypto/asn1/t_x509.c | 2 | ||||
-rw-r--r-- | main/openssl/crypto/asn1/tasn_enc.c | 7 | ||||
-rw-r--r-- | main/openssl/crypto/asn1/x_crl.c | 1 |
13 files changed, 82 insertions, 19 deletions
diff --git a/main/openssl/crypto/asn1/a_object.c b/main/openssl/crypto/asn1/a_object.c index 3978c915..77b27689 100644 --- a/main/openssl/crypto/asn1/a_object.c +++ b/main/openssl/crypto/asn1/a_object.c @@ -283,17 +283,29 @@ err: ASN1err(ASN1_F_D2I_ASN1_OBJECT,i); return(NULL); } + ASN1_OBJECT *c2i_ASN1_OBJECT(ASN1_OBJECT **a, const unsigned char **pp, long len) { ASN1_OBJECT *ret=NULL; const unsigned char *p; unsigned char *data; - int i; - /* Sanity check OID encoding: can't have leading 0x80 in - * subidentifiers, see: X.690 8.19.2 + int i, length; + + /* Sanity check OID encoding. + * Need at least one content octet. + * MSB must be clear in the last octet. + * can't have leading 0x80 in subidentifiers, see: X.690 8.19.2 */ - for (i = 0, p = *pp; i < len; i++, p++) + if (len <= 0 || len > INT_MAX || pp == NULL || (p = *pp) == NULL || + p[len - 1] & 0x80) + { + ASN1err(ASN1_F_C2I_ASN1_OBJECT,ASN1_R_INVALID_OBJECT_ENCODING); + return NULL; + } + /* Now 0 < len <= INT_MAX, so the cast is safe. */ + length = (int)len; + for (i = 0; i < length; i++, p++) { if (*p == 0x80 && (!i || !(p[-1] & 0x80))) { @@ -316,23 +328,23 @@ ASN1_OBJECT *c2i_ASN1_OBJECT(ASN1_OBJECT **a, const unsigned char **pp, data = (unsigned char *)ret->data; ret->data = NULL; /* once detached we can change it */ - if ((data == NULL) || (ret->length < len)) + if ((data == NULL) || (ret->length < length)) { ret->length=0; if (data != NULL) OPENSSL_free(data); - data=(unsigned char *)OPENSSL_malloc(len ? (int)len : 1); + data=(unsigned char *)OPENSSL_malloc(length); if (data == NULL) { i=ERR_R_MALLOC_FAILURE; goto err; } ret->flags|=ASN1_OBJECT_FLAG_DYNAMIC_DATA; } - memcpy(data,p,(int)len); + memcpy(data,p,length); /* reattach data to object, after which it remains const */ ret->data =data; - ret->length=(int)len; + ret->length=length; ret->sn=NULL; ret->ln=NULL; /* ret->flags=ASN1_OBJECT_FLAG_DYNAMIC; we know it is dynamic */ - p+=len; + p+=length; if (a != NULL) (*a)=ret; *pp=p; diff --git a/main/openssl/crypto/asn1/a_strex.c b/main/openssl/crypto/asn1/a_strex.c index ead37ac3..8fb4193b 100644 --- a/main/openssl/crypto/asn1/a_strex.c +++ b/main/openssl/crypto/asn1/a_strex.c @@ -568,6 +568,7 @@ int ASN1_STRING_to_UTF8(unsigned char **out, ASN1_STRING *in) mbflag |= MBSTRING_FLAG; stmp.data = NULL; stmp.length = 0; + stmp.flags = 0; ret = ASN1_mbstring_copy(&str, in->data, in->length, mbflag, B_ASN1_UTF8STRING); if(ret < 0) return ret; *out = stmp.data; diff --git a/main/openssl/crypto/asn1/a_utctm.c b/main/openssl/crypto/asn1/a_utctm.c index 072e2365..bbdc9b32 100644 --- a/main/openssl/crypto/asn1/a_utctm.c +++ b/main/openssl/crypto/asn1/a_utctm.c @@ -196,24 +196,29 @@ ASN1_UTCTIME *ASN1_UTCTIME_adj(ASN1_UTCTIME *s, time_t t, struct tm *ts; struct tm data; size_t len = 20; + int free_s = 0; if (s == NULL) + { + free_s = 1; s=M_ASN1_UTCTIME_new(); + } if (s == NULL) - return(NULL); + goto err; + ts=OPENSSL_gmtime(&t, &data); if (ts == NULL) - return(NULL); + goto err; if (offset_day || offset_sec) { if (!OPENSSL_gmtime_adj(ts, offset_day, offset_sec)) - return NULL; + goto err; } if((ts->tm_year < 50) || (ts->tm_year >= 150)) - return NULL; + goto err; p=(char *)s->data; if ((p == NULL) || ((size_t)s->length < len)) @@ -222,7 +227,7 @@ ASN1_UTCTIME *ASN1_UTCTIME_adj(ASN1_UTCTIME *s, time_t t, if (p == NULL) { ASN1err(ASN1_F_ASN1_UTCTIME_ADJ,ERR_R_MALLOC_FAILURE); - return(NULL); + goto err; } if (s->data != NULL) OPENSSL_free(s->data); @@ -237,6 +242,10 @@ ASN1_UTCTIME *ASN1_UTCTIME_adj(ASN1_UTCTIME *s, time_t t, ebcdic2ascii(s->data, s->data, s->length); #endif return(s); + err: + if (free_s && s) + M_ASN1_UTCTIME_free(s); + return NULL; } @@ -261,6 +270,11 @@ int ASN1_UTCTIME_cmp_time_t(const ASN1_UTCTIME *s, time_t t) t -= offset*60; /* FIXME: may overflow in extreme cases */ tm = OPENSSL_gmtime(&t, &data); + /* NB: -1, 0, 1 already valid return values so use -2 to + * indicate error. + */ + if (tm == NULL) + return -2; #define return_cmp(a,b) if ((a)<(b)) return -1; else if ((a)>(b)) return 1 year = g2(s->data); diff --git a/main/openssl/crypto/asn1/ameth_lib.c b/main/openssl/crypto/asn1/ameth_lib.c index a19e058f..ef153d46 100644 --- a/main/openssl/crypto/asn1/ameth_lib.c +++ b/main/openssl/crypto/asn1/ameth_lib.c @@ -258,7 +258,12 @@ int EVP_PKEY_asn1_add_alias(int to, int from) if (!ameth) return 0; ameth->pkey_base_id = to; - return EVP_PKEY_asn1_add0(ameth); + if (!EVP_PKEY_asn1_add0(ameth)) + { + EVP_PKEY_asn1_free(ameth); + return 0; + } + return 1; } int EVP_PKEY_asn1_get0_info(int *ppkey_id, int *ppkey_base_id, int *ppkey_flags, diff --git a/main/openssl/crypto/asn1/asn1_lib.c b/main/openssl/crypto/asn1/asn1_lib.c index 1bcb44ae..fa04b08e 100644 --- a/main/openssl/crypto/asn1/asn1_lib.c +++ b/main/openssl/crypto/asn1/asn1_lib.c @@ -131,6 +131,9 @@ int ASN1_get_object(const unsigned char **pp, long *plength, int *ptag, *pclass=xclass; if (!asn1_get_length(&p,&inf,plength,(int)max)) goto err; + if (inf && !(ret & V_ASN1_CONSTRUCTED)) + goto err; + #if 0 fprintf(stderr,"p=%d + *plength=%ld > omax=%ld + *pp=%d (%d > %d)\n", (int)p,*plength,omax,(int)*pp,(int)(p+ *plength), diff --git a/main/openssl/crypto/asn1/asn_mime.c b/main/openssl/crypto/asn1/asn_mime.c index 54a704a9..13d003bc 100644 --- a/main/openssl/crypto/asn1/asn_mime.c +++ b/main/openssl/crypto/asn1/asn_mime.c @@ -667,6 +667,8 @@ static STACK_OF(MIME_HEADER) *mime_parse_hdr(BIO *bio) int len, state, save_state = 0; headers = sk_MIME_HEADER_new(mime_hdr_cmp); + if (!headers) + return NULL; while ((len = BIO_gets(bio, linebuf, MAX_SMLEN)) > 0) { /* If whitespace at line start then continuation line */ if(mhdr && isspace((unsigned char)linebuf[0])) state = MIME_NAME; diff --git a/main/openssl/crypto/asn1/asn_pack.c b/main/openssl/crypto/asn1/asn_pack.c index ad738217..00dbf5ad 100644 --- a/main/openssl/crypto/asn1/asn_pack.c +++ b/main/openssl/crypto/asn1/asn_pack.c @@ -134,15 +134,23 @@ ASN1_STRING *ASN1_pack_string(void *obj, i2d_of_void *i2d, ASN1_STRING **oct) if (!(octmp->length = i2d(obj, NULL))) { ASN1err(ASN1_F_ASN1_PACK_STRING,ASN1_R_ENCODE_ERROR); - return NULL; + goto err; } if (!(p = OPENSSL_malloc (octmp->length))) { ASN1err(ASN1_F_ASN1_PACK_STRING,ERR_R_MALLOC_FAILURE); - return NULL; + goto err; } octmp->data = p; i2d (obj, &p); return octmp; + err: + if (!oct || !*oct) + { + ASN1_STRING_free(octmp); + if (oct) + *oct = NULL; + } + return NULL; } #endif diff --git a/main/openssl/crypto/asn1/bio_asn1.c b/main/openssl/crypto/asn1/bio_asn1.c index dc7efd55..bca4eebf 100644 --- a/main/openssl/crypto/asn1/bio_asn1.c +++ b/main/openssl/crypto/asn1/bio_asn1.c @@ -154,7 +154,10 @@ static int asn1_bio_new(BIO *b) if (!ctx) return 0; if (!asn1_bio_init(ctx, DEFAULT_ASN1_BUF_SIZE)) + { + OPENSSL_free(ctx); return 0; + } b->init = 1; b->ptr = (char *)ctx; b->flags = 0; diff --git a/main/openssl/crypto/asn1/charmap.pl b/main/openssl/crypto/asn1/charmap.pl index 2875c598..25ebf2c2 100644 --- a/main/openssl/crypto/asn1/charmap.pl +++ b/main/openssl/crypto/asn1/charmap.pl @@ -1,5 +1,8 @@ #!/usr/local/bin/perl -w +# Written by Dr Stephen N Henson (steve@openssl.org). +# Licensed under the terms of the OpenSSL license. + use strict; my ($i, @arr); diff --git a/main/openssl/crypto/asn1/evp_asn1.c b/main/openssl/crypto/asn1/evp_asn1.c index f3d98048..1b944597 100644 --- a/main/openssl/crypto/asn1/evp_asn1.c +++ b/main/openssl/crypto/asn1/evp_asn1.c @@ -66,7 +66,11 @@ int ASN1_TYPE_set_octetstring(ASN1_TYPE *a, unsigned char *data, int len) ASN1_STRING *os; if ((os=M_ASN1_OCTET_STRING_new()) == NULL) return(0); - if (!M_ASN1_OCTET_STRING_set(os,data,len)) return(0); + if (!M_ASN1_OCTET_STRING_set(os,data,len)) + { + M_ASN1_OCTET_STRING_free(os); + return 0; + } ASN1_TYPE_set(a,V_ASN1_OCTET_STRING,os); return(1); } diff --git a/main/openssl/crypto/asn1/t_x509.c b/main/openssl/crypto/asn1/t_x509.c index edbb39a0..8e961f5e 100644 --- a/main/openssl/crypto/asn1/t_x509.c +++ b/main/openssl/crypto/asn1/t_x509.c @@ -475,6 +475,8 @@ int X509_NAME_print(BIO *bp, X509_NAME *name, int obase) l=80-2-obase; b=X509_NAME_oneline(name,NULL,0); + if (!b) + return 0; if (!*b) { OPENSSL_free(b); diff --git a/main/openssl/crypto/asn1/tasn_enc.c b/main/openssl/crypto/asn1/tasn_enc.c index 936ad1f7..1390e5e6 100644 --- a/main/openssl/crypto/asn1/tasn_enc.c +++ b/main/openssl/crypto/asn1/tasn_enc.c @@ -453,9 +453,14 @@ static int asn1_set_seq_out(STACK_OF(ASN1_VALUE) *sk, unsigned char **out, { derlst = OPENSSL_malloc(sk_ASN1_VALUE_num(sk) * sizeof(*derlst)); + if (!derlst) + return 0; tmpdat = OPENSSL_malloc(skcontlen); - if (!derlst || !tmpdat) + if (!tmpdat) + { + OPENSSL_free(derlst); return 0; + } } } /* If not sorting just output each item */ diff --git a/main/openssl/crypto/asn1/x_crl.c b/main/openssl/crypto/asn1/x_crl.c index c51c690b..3f03efbe 100644 --- a/main/openssl/crypto/asn1/x_crl.c +++ b/main/openssl/crypto/asn1/x_crl.c @@ -270,6 +270,7 @@ static int crl_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, { /* We handle IDP and deltas */ if ((nid == NID_issuing_distribution_point) + || (nid == NID_authority_key_identifier) || (nid == NID_delta_crl)) break;; crl->flags |= EXFLAG_CRITICAL; |