Recent changes.

This commit is contained in:
Richard Levitte 2002-08-08 20:11:31 +00:00
parent 1ce60f02d3
commit bfce617770
2 changed files with 11 additions and 4 deletions

View file

@ -4,6 +4,12 @@
Changes between 0.9.6e and 0.9.6f [XX xxx XXXX]
*) Fix ASN1 checks. Check for overflow by comparing with LONG_MAX
and get fix the header length calculation.
[Florian Weimer <Weimer@CERT.Uni-Stuttgart.DE>,
Alon Kantor <alonk@checkpoint.com> (and others),
Steve Henson]
*) Use proper error handling instead of 'assertions' in buffer
overflow checks added in 0.9.6e. This prevents DoS (the
assertions could call abort()).

View file

@ -57,6 +57,7 @@
*/
#include <stdio.h>
#include <limits.h>
#include "cryptlib.h"
#include <openssl/asn1.h>
#include <openssl/asn1_mac.h>
@ -124,7 +125,7 @@ int ASN1_get_object(unsigned char **pp, long *plength, int *ptag, int *pclass,
(int)(omax+ *pp));
#endif
if (*plength > (omax - (*pp - p)))
if (*plength > (omax - (p - *pp)))
{
ASN1err(ASN1_F_ASN1_GET_OBJECT,ASN1_R_TOO_LONG);
/* Set this so that even if things are not long enough
@ -141,7 +142,7 @@ err:
static int asn1_get_length(unsigned char **pp, int *inf, long *rl, int max)
{
unsigned char *p= *pp;
long ret=0;
unsigned long ret=0;
int i;
if (max-- < 1) return(0);
@ -170,10 +171,10 @@ static int asn1_get_length(unsigned char **pp, int *inf, long *rl, int max)
else
ret=i;
}
if (ret < 0)
if (ret > LONG_MAX)
return 0;
*pp=p;
*rl=ret;
*rl=(long)ret;
return(1);
}