/[smeserver]/rpms/openssl/sme8/openssl-fips-0.9.8e-cve-2014-3508.patch
ViewVC logotype

Contents of /rpms/openssl/sme8/openssl-fips-0.9.8e-cve-2014-3508.patch

Parent Directory Parent Directory | Revision Log Revision Log | View Revision Graph Revision Graph


Revision 1.1 - (show annotations) (download)
Tue Sep 2 22:20:54 2014 UTC (10 years, 3 months ago) by charliebrady
Branch: MAIN
CVS Tags: openssl-0_9_8e-28_el5_sme, openssl-0_9_8e-32_1_el5_sme, openssl-0_9_8e-31_1_el5_sme, openssl-0_9_8e-33_1_el5_sme, HEAD
Extracted from openssl-0.9.8e-27.el5_10.4.src.rpm

1 diff -up openssl-fips-0.9.8e/crypto/asn1/a_object.c.oid-handling openssl-fips-0.9.8e/crypto/asn1/a_object.c
2 --- openssl-fips-0.9.8e/crypto/asn1/a_object.c.oid-handling 2006-02-21 02:00:47.000000000 +0100
3 +++ openssl-fips-0.9.8e/crypto/asn1/a_object.c 2014-08-08 11:41:54.998379046 +0200
4 @@ -284,12 +284,35 @@ err:
5 ASN1_OBJECT_free(ret);
6 return(NULL);
7 }
8 +
9 ASN1_OBJECT *c2i_ASN1_OBJECT(ASN1_OBJECT **a, const unsigned char **pp,
10 long len)
11 {
12 ASN1_OBJECT *ret=NULL;
13 const unsigned char *p;
14 - int i;
15 + int i, length;
16 +
17 + /* Sanity check OID encoding.
18 + * Need at least one content octet.
19 + * MSB must be clear in the last octet.
20 + * can't have leading 0x80 in subidentifiers, see: X.690 8.19.2
21 + */
22 + if (len <= 0 || len > INT_MAX || pp == NULL || (p = *pp) == NULL ||
23 + p[len - 1] & 0x80)
24 + {
25 + ASN1err(ASN1_F_C2I_ASN1_OBJECT,ASN1_R_DECODING_ERROR);
26 + return NULL;
27 + }
28 + /* Now 0 < len <= INT_MAX, so the cast is safe. */
29 + length = (int)len;
30 + for (i = 0; i < length; i++, p++)
31 + {
32 + if (*p == 0x80 && (!i || !(p[-1] & 0x80)))
33 + {
34 + ASN1err(ASN1_F_C2I_ASN1_OBJECT,ASN1_R_DECODING_ERROR);
35 + return NULL;
36 + }
37 + }
38
39 /* only the ASN1_OBJECTs from the 'table' will have values
40 * for ->sn or ->ln */
41 @@ -301,20 +324,20 @@ ASN1_OBJECT *c2i_ASN1_OBJECT(ASN1_OBJECT
42 else ret=(*a);
43
44 p= *pp;
45 - if ((ret->data == NULL) || (ret->length < len))
46 + if ((ret->data == NULL) || (ret->length < length))
47 {
48 if (ret->data != NULL) OPENSSL_free(ret->data);
49 - ret->data=(unsigned char *)OPENSSL_malloc(len ? (int)len : 1);
50 + ret->data=(unsigned char *)OPENSSL_malloc(length);
51 ret->flags|=ASN1_OBJECT_FLAG_DYNAMIC_DATA;
52 if (ret->data == NULL)
53 { i=ERR_R_MALLOC_FAILURE; goto err; }
54 }
55 - memcpy(ret->data,p,(int)len);
56 - ret->length=(int)len;
57 + memcpy(ret->data,p,length);
58 + ret->length=length;
59 ret->sn=NULL;
60 ret->ln=NULL;
61 /* ret->flags=ASN1_OBJECT_FLAG_DYNAMIC; we know it is dynamic */
62 - p+=len;
63 + p+=length;
64
65 if (a != NULL) (*a)=ret;
66 *pp=p;
67 diff -up openssl-fips-0.9.8e/crypto/objects/obj_dat.c.oid-handling openssl-fips-0.9.8e/crypto/objects/obj_dat.c
68 --- openssl-fips-0.9.8e/crypto/objects/obj_dat.c.oid-handling 2006-02-15 16:03:47.000000000 +0100
69 +++ openssl-fips-0.9.8e/crypto/objects/obj_dat.c 2014-08-08 11:36:22.487886979 +0200
70 @@ -443,11 +443,12 @@ int OBJ_obj2txt(char *buf, int buf_len,
71 unsigned char *p;
72 char tbuf[DECIMAL_SIZE(i)+DECIMAL_SIZE(l)+2];
73
74 - if ((a == NULL) || (a->data == NULL)) {
75 - buf[0]='\0';
76 - return(0);
77 - }
78 + /* Ensure that, at every state, |buf| is NUL-terminated. */
79 + if (buf && buf_len > 0)
80 + buf[0] = '\0';
81
82 + if ((a == NULL) || (a->data == NULL))
83 + return(0);
84
85 if (!no_name && (nid=OBJ_obj2nid(a)) != NID_undef)
86 {
87 @@ -523,9 +524,10 @@ int OBJ_obj2txt(char *buf, int buf_len,
88 i=(int)(l/40);
89 l-=(long)(i*40);
90 }
91 - if (buf && (buf_len > 0))
92 + if (buf && (buf_len > 1))
93 {
94 *buf++ = i + '0';
95 + *buf = '\0';
96 buf_len--;
97 }
98 n++;
99 @@ -540,9 +542,10 @@ int OBJ_obj2txt(char *buf, int buf_len,
100 i = strlen(bndec);
101 if (buf)
102 {
103 - if (buf_len > 0)
104 + if (buf_len > 1)
105 {
106 *buf++ = '.';
107 + *buf = '\0';
108 buf_len--;
109 }
110 BUF_strlcpy(buf,bndec,buf_len);
111 @@ -782,4 +785,3 @@ err:
112 OPENSSL_free(buf);
113 return(ok);
114 }
115 -

admin@koozali.org
ViewVC Help
Powered by ViewVC 1.2.1 RSS 2.0 feed