mirror/openssl
2
0
Fork 0
mirror of https://github.com/openssl/openssl.git synced 2025-03-01 19:28:10 +08:00
Code Issues Packages Projects Releases Wiki Activity

Fix seg fault in TS_RESP_verify_response()

Browse Source 
The TS_RESP_verify_response() function is used for verifying the response
from a TSA. You can set the provided TS_VERIFY_CTX with different flags
depending on what aspects of the response you wish to verify.

A seg fault will occur if you supply the TS_VFY_SIGNER or TS_VFY_TSA_NAME
flags without also specifying TS_VFY_SIGNATURE.

Reviewed-by: Rich Salz <rsalz@openssl.org>
This commit is contained in:
Matt Caswell 2016-06-10 14:25:15 +01:00
parent 73159f403e
commit e68a780ed6
1 changed files with 15 additions and 8 deletions

23
crypto/ts/ts_rsp_verify.c
View File

@ -347,36 +347,43 @@ static int int_ts_RESP_verify_token(TS_VERIFY_CTX *ctx,
unsigned char *imprint = NULL; unsigned char *imprint = NULL;
unsigned imprint_len = 0; unsigned imprint_len = 0;
int ret = 0; int ret = 0;
int flags = ctx->flags;
if ((ctx->flags & TS_VFY_SIGNATURE) /* Some options require us to also check the signature */
if (((flags & TS_VFY_SIGNER) && tsa_name != NULL)
|| (flags & TS_VFY_TSA_NAME)) {
flags |= TS_VFY_SIGNATURE;
}
if ((flags & TS_VFY_SIGNATURE)
&& !TS_RESP_verify_signature(token, ctx->certs, ctx->store, &signer)) && !TS_RESP_verify_signature(token, ctx->certs, ctx->store, &signer))
goto err; goto err;
if ((ctx->flags & TS_VFY_VERSION) if ((flags & TS_VFY_VERSION)
&& TS_TST_INFO_get_version(tst_info) != 1) { && TS_TST_INFO_get_version(tst_info) != 1) {
TSerr(TS_F_INT_TS_RESP_VERIFY_TOKEN, TS_R_UNSUPPORTED_VERSION); TSerr(TS_F_INT_TS_RESP_VERIFY_TOKEN, TS_R_UNSUPPORTED_VERSION);
goto err; goto err;
} }
if ((ctx->flags & TS_VFY_POLICY) if ((flags & TS_VFY_POLICY)
&& !ts_check_policy(ctx->policy, tst_info)) && !ts_check_policy(ctx->policy, tst_info))
goto err; goto err;
if ((ctx->flags & TS_VFY_IMPRINT) if ((flags & TS_VFY_IMPRINT)
&& !ts_check_imprints(ctx->md_alg, ctx->imprint, ctx->imprint_len, && !ts_check_imprints(ctx->md_alg, ctx->imprint, ctx->imprint_len,
tst_info)) tst_info))
goto err; goto err;
if ((ctx->flags & TS_VFY_DATA) if ((flags & TS_VFY_DATA)
&& (!ts_compute_imprint(ctx->data, tst_info, && (!ts_compute_imprint(ctx->data, tst_info,
&md_alg, &imprint, &imprint_len) &md_alg, &imprint, &imprint_len)
|| !ts_check_imprints(md_alg, imprint, imprint_len, tst_info))) || !ts_check_imprints(md_alg, imprint, imprint_len, tst_info)))
goto err; goto err;
if ((ctx->flags & TS_VFY_NONCE) if ((flags & TS_VFY_NONCE)
&& !ts_check_nonces(ctx->nonce, tst_info)) && !ts_check_nonces(ctx->nonce, tst_info))
goto err; goto err;
if ((ctx->flags & TS_VFY_SIGNER) if ((flags & TS_VFY_SIGNER)
&& tsa_name && !ts_check_signer_name(tsa_name, signer)) { && tsa_name && !ts_check_signer_name(tsa_name, signer)) {
TSerr(TS_F_INT_TS_RESP_VERIFY_TOKEN, TS_R_TSA_NAME_MISMATCH); TSerr(TS_F_INT_TS_RESP_VERIFY_TOKEN, TS_R_TSA_NAME_MISMATCH);
goto err; goto err;
} }
if ((ctx->flags & TS_VFY_TSA_NAME) if ((flags & TS_VFY_TSA_NAME)
&& !ts_check_signer_name(ctx->tsa_name, signer)) { && !ts_check_signer_name(ctx->tsa_name, signer)) {
TSerr(TS_F_INT_TS_RESP_VERIFY_TOKEN, TS_R_TSA_UNTRUSTED); TSerr(TS_F_INT_TS_RESP_VERIFY_TOKEN, TS_R_TSA_UNTRUSTED);
goto err; goto err;