Source-Changes-HG archive
[src/netbsd-1-6]: src/crypto/dist/openssl/crypto Apply patch (requested by ch...
details: https://anonhg.NetBSD.org/src/rev/636b8174b53f
branches: netbsd-1-6
changeset: 530760:636b8174b53f
user: tron <tron%NetBSD.org@localhost>
date: Wed Oct 01 15:04:30 2003 +0000
description:
Apply patch (requested by christos in ticket #1492):
Fix various bugs revealed by running the NISCC test suite:
Stop out of bounds reads in the ASN1 code when presented with
invalid tags (CAN-2003-0543 and CAN-2003-0544).
If verify callback ignores invalid public key errors don't try to check
certificate signature with the NULL public key.
diffstat:
crypto/dist/openssl/crypto/asn1/asn1_lib.c | 2 ++
crypto/dist/openssl/crypto/x509/x509_vfy.c | 2 +-
2 files changed, 3 insertions(+), 1 deletions(-)
diffs (28 lines):
diff -r 82b6ae3e6eba -r 636b8174b53f crypto/dist/openssl/crypto/asn1/asn1_lib.c
--- a/crypto/dist/openssl/crypto/asn1/asn1_lib.c Wed Oct 01 06:10:08 2003 +0000
+++ b/crypto/dist/openssl/crypto/asn1/asn1_lib.c Wed Oct 01 15:04:30 2003 +0000
@@ -104,10 +104,12 @@
l<<=7L;
l|= *(p++)&0x7f;
if (--max == 0) goto err;
+ if (l > (INT_MAX >> 7L)) goto err;
}
l<<=7L;
l|= *(p++)&0x7f;
tag=(int)l;
+ if (--max == 0) goto err;
}
else
{
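Review bot: INT_MAX in the added loop check `if (l > (INT_MAX >> 7L)) goto err;` needs <limits.h>, and the diffstat shows only these two added lines in asn1_lib.c, so this change adds no include; confirm the header already reaches this file on every supported build. A short comment at that line would also help, because the test runs after the current shift and guards the next `l<<=7L` and the later `tag=(int)l`, which is not obvious from its position. The same goes for the new `if (--max == 0) goto err;` after the final tag byte: it rejects a tag that ends exactly at the end of the buffer, and a comment should say that this is intended.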
diff -r 82b6ae3e6eba -r 636b8174b53f crypto/dist/openssl/crypto/x509/x509_vfy.c
--- a/crypto/dist/openssl/crypto/x509/x509_vfy.c Wed Oct 01 06:10:08 2003 +0000
+++ b/crypto/dist/openssl/crypto/x509/x509_vfy.c Wed Oct 01 15:04:30 2003 +0000
@@ -490,7 +490,7 @@
ok=(*cb)(0,ctx);
if (!ok) goto end;
}
- if (X509_verify(xs,pkey) <= 0)
+ else if (X509_verify(xs,pkey) <= 0)
{
ctx->error=X509_V_ERR_CERT_SIGNATURE_FAILURE;
ctx->current_cert=xs;
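Review bot: With `else if (X509_verify(xs,pkey) <= 0)`, a verify callback that returns non-zero in the preceding branch now skips the signature check for this certificate entirely, so processing continues past this point with the signature unverified. That matches the commit message (no check against a NULL public key), but the condition of the matching `if` lies outside the hunk's context; confirm that branch is reached only when pkey is NULL, and add a comment at this line stating that the skip is deliberate and that a callback overriding the error accepts an unverified signature.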