/[smeserver]/rpms/openssl/sme8/openssl-fips-0.9.8e-cve-2014-3508.patch
ViewVC logotype

Annotation of /rpms/openssl/sme8/openssl-fips-0.9.8e-cve-2014-3508.patch

Parent Directory Parent Directory | Revision Log Revision Log | View Revision Graph Revision Graph


Revision 1.1 - (hide annotations) (download)
Tue Sep 2 22:20:54 2014 UTC (10 years, 3 months ago) by charliebrady
Branch: MAIN
CVS Tags: openssl-0_9_8e-28_el5_sme, openssl-0_9_8e-32_1_el5_sme, openssl-0_9_8e-31_1_el5_sme, openssl-0_9_8e-33_1_el5_sme, HEAD
Extracted from openssl-0.9.8e-27.el5_10.4.src.rpm

1 charliebrady 1.1 diff -up openssl-fips-0.9.8e/crypto/asn1/a_object.c.oid-handling openssl-fips-0.9.8e/crypto/asn1/a_object.c
2     --- openssl-fips-0.9.8e/crypto/asn1/a_object.c.oid-handling 2006-02-21 02:00:47.000000000 +0100
3     +++ openssl-fips-0.9.8e/crypto/asn1/a_object.c 2014-08-08 11:41:54.998379046 +0200
4     @@ -284,12 +284,35 @@ err:
5     ASN1_OBJECT_free(ret);
6     return(NULL);
7     }
8     +
9     ASN1_OBJECT *c2i_ASN1_OBJECT(ASN1_OBJECT **a, const unsigned char **pp,
10     long len)
11     {
12     ASN1_OBJECT *ret=NULL;
13     const unsigned char *p;
14     - int i;
15     + int i, length;
16     +
17     + /* Sanity check OID encoding.
18     + * Need at least one content octet.
19     + * MSB must be clear in the last octet.
20     + * can't have leading 0x80 in subidentifiers, see: X.690 8.19.2
21     + */
22     + if (len <= 0 || len > INT_MAX || pp == NULL || (p = *pp) == NULL ||
23     + p[len - 1] & 0x80)
24     + {
25     + ASN1err(ASN1_F_C2I_ASN1_OBJECT,ASN1_R_DECODING_ERROR);
26     + return NULL;
27     + }
28     + /* Now 0 < len <= INT_MAX, so the cast is safe. */
29     + length = (int)len;
30     + for (i = 0; i < length; i++, p++)
31     + {
32     + if (*p == 0x80 && (!i || !(p[-1] & 0x80)))
33     + {
34     + ASN1err(ASN1_F_C2I_ASN1_OBJECT,ASN1_R_DECODING_ERROR);
35     + return NULL;
36     + }
37     + }
38    
39     /* only the ASN1_OBJECTs from the 'table' will have values
40     * for ->sn or ->ln */
41     @@ -301,20 +324,20 @@ ASN1_OBJECT *c2i_ASN1_OBJECT(ASN1_OBJECT
42     else ret=(*a);
43    
44     p= *pp;
45     - if ((ret->data == NULL) || (ret->length < len))
46     + if ((ret->data == NULL) || (ret->length < length))
47     {
48     if (ret->data != NULL) OPENSSL_free(ret->data);
49     - ret->data=(unsigned char *)OPENSSL_malloc(len ? (int)len : 1);
50     + ret->data=(unsigned char *)OPENSSL_malloc(length);
51     ret->flags|=ASN1_OBJECT_FLAG_DYNAMIC_DATA;
52     if (ret->data == NULL)
53     { i=ERR_R_MALLOC_FAILURE; goto err; }
54     }
55     - memcpy(ret->data,p,(int)len);
56     - ret->length=(int)len;
57     + memcpy(ret->data,p,length);
58     + ret->length=length;
59     ret->sn=NULL;
60     ret->ln=NULL;
61     /* ret->flags=ASN1_OBJECT_FLAG_DYNAMIC; we know it is dynamic */
62     - p+=len;
63     + p+=length;
64    
65     if (a != NULL) (*a)=ret;
66     *pp=p;
67     diff -up openssl-fips-0.9.8e/crypto/objects/obj_dat.c.oid-handling openssl-fips-0.9.8e/crypto/objects/obj_dat.c
68     --- openssl-fips-0.9.8e/crypto/objects/obj_dat.c.oid-handling 2006-02-15 16:03:47.000000000 +0100
69     +++ openssl-fips-0.9.8e/crypto/objects/obj_dat.c 2014-08-08 11:36:22.487886979 +0200
70     @@ -443,11 +443,12 @@ int OBJ_obj2txt(char *buf, int buf_len,
71     unsigned char *p;
72     char tbuf[DECIMAL_SIZE(i)+DECIMAL_SIZE(l)+2];
73    
74     - if ((a == NULL) || (a->data == NULL)) {
75     - buf[0]='\0';
76     - return(0);
77     - }
78     + /* Ensure that, at every state, |buf| is NUL-terminated. */
79     + if (buf && buf_len > 0)
80     + buf[0] = '\0';
81    
82     + if ((a == NULL) || (a->data == NULL))
83     + return(0);
84    
85     if (!no_name && (nid=OBJ_obj2nid(a)) != NID_undef)
86     {
87     @@ -523,9 +524,10 @@ int OBJ_obj2txt(char *buf, int buf_len,
88     i=(int)(l/40);
89     l-=(long)(i*40);
90     }
91     - if (buf && (buf_len > 0))
92     + if (buf && (buf_len > 1))
93     {
94     *buf++ = i + '0';
95     + *buf = '\0';
96     buf_len--;
97     }
98     n++;
99     @@ -540,9 +542,10 @@ int OBJ_obj2txt(char *buf, int buf_len,
100     i = strlen(bndec);
101     if (buf)
102     {
103     - if (buf_len > 0)
104     + if (buf_len > 1)
105     {
106     *buf++ = '.';
107     + *buf = '\0';
108     buf_len--;
109     }
110     BUF_strlcpy(buf,bndec,buf_len);
111     @@ -782,4 +785,3 @@ err:
112     OPENSSL_free(buf);
113     return(ok);
114     }
115     -

admin@koozali.org
ViewVC Help
Powered by ViewVC 1.2.1 RSS 2.0 feed