1 |
charliebrady |
1.1 |
diff -up openssl-fips-0.9.8e/crypto/asn1/a_object.c.oid-handling openssl-fips-0.9.8e/crypto/asn1/a_object.c |
2 |
|
|
--- openssl-fips-0.9.8e/crypto/asn1/a_object.c.oid-handling 2006-02-21 02:00:47.000000000 +0100 |
3 |
|
|
+++ openssl-fips-0.9.8e/crypto/asn1/a_object.c 2014-08-08 11:41:54.998379046 +0200 |
4 |
|
|
@@ -284,12 +284,35 @@ err: |
5 |
|
|
ASN1_OBJECT_free(ret); |
6 |
|
|
return(NULL); |
7 |
|
|
} |
8 |
|
|
+ |
9 |
|
|
ASN1_OBJECT *c2i_ASN1_OBJECT(ASN1_OBJECT **a, const unsigned char **pp, |
10 |
|
|
long len) |
11 |
|
|
{ |
12 |
|
|
ASN1_OBJECT *ret=NULL; |
13 |
|
|
const unsigned char *p; |
14 |
|
|
- int i; |
15 |
|
|
+ int i, length; |
16 |
|
|
+ |
17 |
|
|
+ /* Sanity check OID encoding. |
18 |
|
|
+ * Need at least one content octet. |
19 |
|
|
+ * MSB must be clear in the last octet. |
20 |
|
|
+ * can't have leading 0x80 in subidentifiers, see: X.690 8.19.2 |
21 |
|
|
+ */ |
22 |
|
|
+ if (len <= 0 || len > INT_MAX || pp == NULL || (p = *pp) == NULL || |
23 |
|
|
+ p[len - 1] & 0x80) |
24 |
|
|
+ { |
25 |
|
|
+ ASN1err(ASN1_F_C2I_ASN1_OBJECT,ASN1_R_DECODING_ERROR); |
26 |
|
|
+ return NULL; |
27 |
|
|
+ } |
28 |
|
|
+ /* Now 0 < len <= INT_MAX, so the cast is safe. */ |
29 |
|
|
+ length = (int)len; |
30 |
|
|
+ for (i = 0; i < length; i++, p++) |
31 |
|
|
+ { |
32 |
|
|
+ if (*p == 0x80 && (!i || !(p[-1] & 0x80))) |
33 |
|
|
+ { |
34 |
|
|
+ ASN1err(ASN1_F_C2I_ASN1_OBJECT,ASN1_R_DECODING_ERROR); |
35 |
|
|
+ return NULL; |
36 |
|
|
+ } |
37 |
|
|
+ } |
38 |
|
|
|
39 |
|
|
/* only the ASN1_OBJECTs from the 'table' will have values |
40 |
|
|
* for ->sn or ->ln */ |
41 |
|
|
@@ -301,20 +324,20 @@ ASN1_OBJECT *c2i_ASN1_OBJECT(ASN1_OBJECT |
42 |
|
|
else ret=(*a); |
43 |
|
|
|
44 |
|
|
p= *pp; |
45 |
|
|
- if ((ret->data == NULL) || (ret->length < len)) |
46 |
|
|
+ if ((ret->data == NULL) || (ret->length < length)) |
47 |
|
|
{ |
48 |
|
|
if (ret->data != NULL) OPENSSL_free(ret->data); |
49 |
|
|
- ret->data=(unsigned char *)OPENSSL_malloc(len ? (int)len : 1); |
50 |
|
|
+ ret->data=(unsigned char *)OPENSSL_malloc(length); |
51 |
|
|
ret->flags|=ASN1_OBJECT_FLAG_DYNAMIC_DATA; |
52 |
|
|
if (ret->data == NULL) |
53 |
|
|
{ i=ERR_R_MALLOC_FAILURE; goto err; } |
54 |
|
|
} |
55 |
|
|
- memcpy(ret->data,p,(int)len); |
56 |
|
|
- ret->length=(int)len; |
57 |
|
|
+ memcpy(ret->data,p,length); |
58 |
|
|
+ ret->length=length; |
59 |
|
|
ret->sn=NULL; |
60 |
|
|
ret->ln=NULL; |
61 |
|
|
/* ret->flags=ASN1_OBJECT_FLAG_DYNAMIC; we know it is dynamic */ |
62 |
|
|
- p+=len; |
63 |
|
|
+ p+=length; |
64 |
|
|
|
65 |
|
|
if (a != NULL) (*a)=ret; |
66 |
|
|
*pp=p; |
67 |
|
|
diff -up openssl-fips-0.9.8e/crypto/objects/obj_dat.c.oid-handling openssl-fips-0.9.8e/crypto/objects/obj_dat.c |
68 |
|
|
--- openssl-fips-0.9.8e/crypto/objects/obj_dat.c.oid-handling 2006-02-15 16:03:47.000000000 +0100 |
69 |
|
|
+++ openssl-fips-0.9.8e/crypto/objects/obj_dat.c 2014-08-08 11:36:22.487886979 +0200 |
70 |
|
|
@@ -443,11 +443,12 @@ int OBJ_obj2txt(char *buf, int buf_len, |
71 |
|
|
unsigned char *p; |
72 |
|
|
char tbuf[DECIMAL_SIZE(i)+DECIMAL_SIZE(l)+2]; |
73 |
|
|
|
74 |
|
|
- if ((a == NULL) || (a->data == NULL)) { |
75 |
|
|
- buf[0]='\0'; |
76 |
|
|
- return(0); |
77 |
|
|
- } |
78 |
|
|
+ /* Ensure that, at every state, |buf| is NUL-terminated. */ |
79 |
|
|
+ if (buf && buf_len > 0) |
80 |
|
|
+ buf[0] = '\0'; |
81 |
|
|
|
82 |
|
|
+ if ((a == NULL) || (a->data == NULL)) |
83 |
|
|
+ return(0); |
84 |
|
|
|
85 |
|
|
if (!no_name && (nid=OBJ_obj2nid(a)) != NID_undef) |
86 |
|
|
{ |
87 |
|
|
@@ -523,9 +524,10 @@ int OBJ_obj2txt(char *buf, int buf_len, |
88 |
|
|
i=(int)(l/40); |
89 |
|
|
l-=(long)(i*40); |
90 |
|
|
} |
91 |
|
|
- if (buf && (buf_len > 0)) |
92 |
|
|
+ if (buf && (buf_len > 1)) |
93 |
|
|
{ |
94 |
|
|
*buf++ = i + '0'; |
95 |
|
|
+ *buf = '\0'; |
96 |
|
|
buf_len--; |
97 |
|
|
} |
98 |
|
|
n++; |
99 |
|
|
@@ -540,9 +542,10 @@ int OBJ_obj2txt(char *buf, int buf_len, |
100 |
|
|
i = strlen(bndec); |
101 |
|
|
if (buf) |
102 |
|
|
{ |
103 |
|
|
- if (buf_len > 0) |
104 |
|
|
+ if (buf_len > 1) |
105 |
|
|
{ |
106 |
|
|
*buf++ = '.'; |
107 |
|
|
+ *buf = '\0'; |
108 |
|
|
buf_len--; |
109 |
|
|
} |
110 |
|
|
BUF_strlcpy(buf,bndec,buf_len); |
111 |
|
|
@@ -782,4 +785,3 @@ err: |
112 |
|
|
OPENSSL_free(buf); |
113 |
|
|
return(ok); |
114 |
|
|
} |
115 |
|
|
- |