Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:Leap:42.2:Update
libopenssl0_9_8
0001-Fix-buffer-overrun-in-ASN1_parse.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File 0001-Fix-buffer-overrun-in-ASN1_parse.patch of Package libopenssl0_9_8
From 697283ba418b21c4c0682d7050264b492e2ea4e2 Mon Sep 17 00:00:00 2001 From: Viktor Dukhovni <openssl-users@dukhovni.org> Date: Tue, 19 Apr 2016 22:23:24 -0400 Subject: [PATCH] Fix buffer overrun in ASN1_parse(). Backport of commits: 79c7f74d6cefd5d32fa20e69195ad3de834ce065 bdcd660e33710079b495cf5cc6a1aaa5d2dcd317 from master. Reviewed-by: Matt Caswell <matt@openssl.org> --- crypto/asn1/asn1_lib.c | 18 +++++++----------- crypto/asn1/asn1_par.c | 17 +++++++++++++---- 2 files changed, 20 insertions(+), 15 deletions(-) Index: openssl-0.9.8zh/crypto/asn1/asn1_lib.c =================================================================== --- openssl-0.9.8zh.orig/crypto/asn1/asn1_lib.c 2016-05-03 17:40:38.743725669 +0200 +++ openssl-0.9.8zh/crypto/asn1/asn1_lib.c 2016-05-03 17:43:49.286728306 +0200 @@ -63,7 +63,7 @@ #include <openssl/asn1_mac.h> static int asn1_get_length(const unsigned char **pp, int *inf, long *rl, - int max); + long max); static void asn1_put_length(unsigned char **pp, int length); const char ASN1_version[] = "ASN.1" OPENSSL_VERSION_PTEXT; @@ -131,7 +131,7 @@ int ASN1_get_object(const unsigned char } *ptag = tag; *pclass = xclass; - if (!asn1_get_length(&p, &inf, plength, (int)max)) + if (!asn1_get_length(&p, &inf, plength, max)) goto err; if (inf && !(ret & V_ASN1_CONSTRUCTED)) @@ -159,11 +159,11 @@ int ASN1_get_object(const unsigned char } static int asn1_get_length(const unsigned char **pp, int *inf, long *rl, - int max) + long max) { const unsigned char *p = *pp; unsigned long ret = 0; - unsigned int i; + unsigned long i; if (max-- < 1) return (0); @@ -175,15 +175,11 @@ static int asn1_get_length(const unsigne *inf = 0; i = *p & 0x7f; if (*(p++) & 0x80) { - if (i > sizeof(long)) + if (i > sizeof(ret) || max < i) return 0; - if (max-- == 0) - return (0); while (i-- > 0) { ret <<= 8L; ret |= *(p++); - if (max-- == 0) - return (0); } } else ret = i; Index: openssl-0.9.8zh/crypto/asn1/asn1_par.c =================================================================== --- openssl-0.9.8zh.orig/crypto/asn1/asn1_par.c 2016-05-03 17:40:38.743725669 +0200 +++ openssl-0.9.8zh/crypto/asn1/asn1_par.c 2016-05-03 17:51:25.504916639 +0200 @@ -179,6 +179,7 @@ static int asn1_parse2(BIO *bp, const un if (!asn1_print_info(bp, tag, xclass, j, (indent) ? depth : 0)) goto end; if (j & V_ASN1_CONSTRUCTED) { + const unsigned char *sp; ep = p + len; if (BIO_write(bp, "\n", 1) <= 0) goto end; @@ -188,6 +189,7 @@ static int asn1_parse2(BIO *bp, const un goto end; } if ((j == 0x21) && (len == 0)) { + sp = p; for (;;) { r = asn1_parse2(bp, &p, (long)(tot - p), offset + (p - *pp), depth + 1, @@ -196,18 +198,25 @@ static int asn1_parse2(BIO *bp, const un ret = 0; goto end; } - if ((r == 2) || (p >= tot)) - break; + if ((r == 2) || (p >= tot)) + { + len = p - sp; + break; + } } - } else + } else { + long tmp = len; while (p < ep) { - r = asn1_parse2(bp, &p, (long)len, + sp = p; + r=asn1_parse2(bp,&p,tmp, offset + (p - *pp), depth + 1, indent, dump); if (r == 0) { ret = 0; goto end; } + tmp -= p - sp; + } } } else if (xclass != 0) { p += len;
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor
