/[smeserver]/rpms/openssl/sme8/openssl-fips-0.9.8e-cve-2015-0289.patch
ViewVC logotype

Annotation of /rpms/openssl/sme8/openssl-fips-0.9.8e-cve-2015-0289.patch

Parent Directory Parent Directory | Revision Log Revision Log | View Revision Graph Revision Graph


Revision 1.1 - (hide annotations) (download)
Wed Apr 15 14:21:07 2015 UTC (9 years, 6 months ago) by vip-ire
Branch: MAIN
CVS Tags: openssl-0_9_8e-33_1_el5_sme, HEAD
* Wed Apr 15 2015 Daniel Berteaud <daniel@firewall-services.com 0.9.8e-33.1.sme
- update with ca-bundle.crt from SME 9 [SME: 8909]

1 vip-ire 1.1 diff -up openssl-fips-0.9.8e/crypto/pkcs7/pk7_doit.c.pkcs7-null-deref openssl-fips-0.9.8e/crypto/pkcs7/pk7_doit.c
2     --- openssl-fips-0.9.8e/crypto/pkcs7/pk7_doit.c.pkcs7-null-deref 2015-04-01 12:41:27.998402503 +0200
3     +++ openssl-fips-0.9.8e/crypto/pkcs7/pk7_doit.c 2015-04-02 15:24:26.781363674 +0200
4     @@ -151,6 +151,27 @@ BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio)
5     EVP_PKEY *pkey;
6     ASN1_OCTET_STRING *os=NULL;
7    
8     + if (p7 == NULL)
9     + {
10     + PKCS7err(PKCS7_F_PKCS7_DATAINIT, PKCS7_R_INVALID_NULL_POINTER);
11     + return NULL;
12     + }
13     + /*
14     + * The content field in the PKCS7 ContentInfo is optional, but that really
15     + * only applies to inner content (precisely, detached signatures).
16     + *
17     + * When reading content, missing outer content is therefore treated as an
18     + * error.
19     + *
20     + * When creating content, PKCS7_content_new() must be called before
21     + * calling this method, so a NULL p7->d is always an error.
22     + */
23     + if (p7->d.ptr == NULL)
24     + {
25     + PKCS7err(PKCS7_F_PKCS7_DATAINIT, PKCS7_R_NO_CONTENT);
26     + return NULL;
27     + }
28     +
29     i=OBJ_obj2nid(p7->type);
30     p7->state=PKCS7_S_HEADER;
31    
32     @@ -345,6 +366,18 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKE
33     X509_ALGOR *xalg=NULL;
34     PKCS7_RECIP_INFO *ri=NULL;
35    
36     + if (p7 == NULL)
37     + {
38     + PKCS7err(PKCS7_F_PKCS7_DATADECODE, PKCS7_R_INVALID_NULL_POINTER);
39     + return NULL;
40     + }
41     +
42     + if (p7->d.ptr == NULL)
43     + {
44     + PKCS7err(PKCS7_F_PKCS7_DATADECODE, PKCS7_R_NO_CONTENT);
45     + return NULL;
46     + }
47     +
48     i=OBJ_obj2nid(p7->type);
49     p7->state=PKCS7_S_HEADER;
50    
51     @@ -352,6 +385,12 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKE
52     {
53     case NID_pkcs7_signed:
54     data_body=PKCS7_get_octet_string(p7->d.sign->contents);
55     + if (!PKCS7_is_detached(p7) && data_body == NULL)
56     + {
57     + PKCS7err(PKCS7_F_PKCS7_DATADECODE,
58     + PKCS7_R_NO_CONTENT);
59     + goto err;
60     + }
61     md_sk=p7->d.sign->md_algs;
62     break;
63     case NID_pkcs7_signedAndEnveloped:
64     @@ -640,6 +679,18 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio)
65     STACK_OF(PKCS7_SIGNER_INFO) *si_sk=NULL;
66     ASN1_OCTET_STRING *os=NULL;
67    
68     + if (p7 == NULL)
69     + {
70     + PKCS7err(PKCS7_F_PKCS7_DATAFINAL, PKCS7_R_INVALID_NULL_POINTER);
71     + return 0;
72     + }
73     +
74     + if (p7->d.ptr == NULL)
75     + {
76     + PKCS7err(PKCS7_F_PKCS7_DATAFINAL, PKCS7_R_NO_CONTENT);
77     + return 0;
78     + }
79     +
80     EVP_MD_CTX_init(&ctx_tmp);
81     i=OBJ_obj2nid(p7->type);
82     p7->state=PKCS7_S_HEADER;
83     @@ -671,6 +722,7 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio)
84     /* If detached data then the content is excluded */
85     if(PKCS7_type_is_data(p7->d.sign->contents) && p7->detached) {
86     M_ASN1_OCTET_STRING_free(os);
87     + os = NULL;
88     p7->d.sign->contents->d.data = NULL;
89     }
90     break;
91     @@ -681,6 +733,7 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio)
92     if(PKCS7_type_is_data(p7->d.digest->contents) && p7->detached)
93     {
94     M_ASN1_OCTET_STRING_free(os);
95     + os = NULL;
96     p7->d.digest->contents->d.data = NULL;
97     }
98     break;
99     @@ -818,6 +871,12 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio)
100    
101     if (!PKCS7_is_detached(p7))
102     {
103     + /*
104     + * NOTE(emilia): I think we only reach os == NULL here because detached
105     + * digested data support is broken.
106     + */
107     + if (os == NULL)
108     + goto err;
109     btmp=BIO_find_type(bio,BIO_TYPE_MEM);
110     if (btmp == NULL)
111     {
112     @@ -852,6 +911,18 @@ int PKCS7_dataVerify(X509_STORE *cert_st
113     STACK_OF(X509) *cert;
114     X509 *x509;
115    
116     + if (p7 == NULL)
117     + {
118     + PKCS7err(PKCS7_F_PKCS7_DATAVERIFY, PKCS7_R_INVALID_NULL_POINTER);
119     + return 0;
120     + }
121     +
122     + if (p7->d.ptr == NULL)
123     + {
124     + PKCS7err(PKCS7_F_PKCS7_DATAVERIFY, PKCS7_R_NO_CONTENT);
125     + return 0;
126     + }
127     +
128     if (PKCS7_type_is_signed(p7))
129     {
130     cert=p7->d.sign->cert;
131     diff -up openssl-fips-0.9.8e/crypto/pkcs7/pk7_lib.c.pkcs7-null-deref openssl-fips-0.9.8e/crypto/pkcs7/pk7_lib.c
132     --- openssl-fips-0.9.8e/crypto/pkcs7/pk7_lib.c.pkcs7-null-deref 2007-02-03 10:51:59.000000000 +0100
133     +++ openssl-fips-0.9.8e/crypto/pkcs7/pk7_lib.c 2015-04-02 15:18:12.874970022 +0200
134     @@ -473,6 +473,8 @@ int PKCS7_set_digest(PKCS7 *p7, const EV
135    
136     STACK_OF(PKCS7_SIGNER_INFO) *PKCS7_get_signer_info(PKCS7 *p7)
137     {
138     + if (p7 == NULL || p7->d.ptr == NULL)
139     + return NULL;
140     if (PKCS7_type_is_signed(p7))
141     {
142     return(p7->d.sign->signer_info);

admin@koozali.org
ViewVC Help
Powered by ViewVC 1.2.1 RSS 2.0 feed