openssl/crypto/x509
Rich Salz 02db7354fe Fix bug in X509_print_ex
If the user set nmflags == XN_FLAG_COMPAT and X509_NAME_print_ex(3)
failed, the error return value of 0 was misinterpreted as an indicator
of success, causing X509_print_ex(3) to ignore the error, continue
printing, and potentially return successfully even though not all
the content of the certificate was printed.

The X509_NAME_print_ex(3) manual page explains that this function
indicates failure by returning 0 if nmflags == XN_FLAG_COMPAT
and by returning -1 if nmflags != XN_FLAG_COMPAT.

Note that just checking for <= 0 in all cases would not be correct
either because X509_NAME_print_ex(3) returns 0 to indicate that it
successfully printed zero bytes in some cases, for example when all
three of the following conditions hold:
1. nmflags != XN_FLAG_COMPAT
2. indent == 0 (which X509_print_ex(3) does use in some cases)
3. the name object is NULL or empty

Thanks to Ingo Schwarze <schwarze@openbsd.org> for finding the bug,
and Joel Sing <jsing@openbsd.org> for contributing an idea for the
fix.

Reviewed-by: Ben Kaduk <kaduk@mit.edu>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16009)
2021-07-08 11:46:19 +10:00
build.info x509_trs.c: rename to x509_trust.c and correct comment in trust_compat() 2021-06-08 07:47:18 +02:00
by_dir.c
by_file.c Update copyright year 2021-05-20 14:22:33 +01:00
by_store.c Make the -inform option to be respected if possible 2021-05-06 11:43:32 +01:00
ext_dat.h Update copyright year 2021-04-08 13:04:41 +01:00
pcy_cache.c Update copyright year 2021-04-08 13:04:41 +01:00
pcy_data.c Update copyright year 2021-04-08 13:04:41 +01:00
pcy_lib.c
pcy_local.h Update copyright year 2021-04-08 13:04:41 +01:00
pcy_map.c Update copyright year 2021-04-08 13:04:41 +01:00
pcy_node.c Update copyright year 2021-04-08 13:04:41 +01:00
pcy_tree.c
standard_exts.h Update copyright year 2021-04-08 13:04:41 +01:00
t_crl.c Update copyright year 2021-05-06 13:03:23 +01:00
t_req.c Add X509 version constants. 2021-04-28 11:40:06 +02:00
t_x509.c Fix bug in X509_print_ex 2021-07-08 11:46:19 +10:00
v3_addr.c x509: remove TODOs 2021-06-02 16:30:15 +10:00
v3_admis.c Update copyright year 2021-04-08 13:04:41 +01:00
v3_admis.h
v3_akeya.c
v3_akid.c
v3_asid.c Update copyright year 2021-04-08 13:04:41 +01:00
v3_bcons.c x509: remove TODOs 2021-06-02 16:30:15 +10:00
v3_bitst.c Update copyright year 2021-04-08 13:04:41 +01:00
v3_conf.c Add NCONF_get_section_names() 2021-06-02 12:40:02 +10:00
v3_cpols.c Update copyright year 2021-04-08 13:04:41 +01:00
v3_crld.c Update copyright year 2021-04-08 13:04:41 +01:00
v3_enum.c Update copyright year 2021-04-08 13:04:41 +01:00
v3_extku.c Update copyright year 2021-04-08 13:04:41 +01:00
v3_genn.c
v3_ia5.c Add more negative checks for integers passed to OPENSSL_malloc(). 2021-04-16 12:10:08 +10:00
v3_info.c Update copyright year 2021-04-08 13:04:41 +01:00
v3_int.c Update copyright year 2021-04-08 13:04:41 +01:00
v3_ist.c Update copyright year 2021-04-08 13:04:41 +01:00
v3_lib.c
v3_ncons.c Check that we got the expected name type when verifying name constraints 2021-06-04 17:18:31 +01:00
v3_pci.c Update copyright year 2021-04-08 13:04:41 +01:00
v3_pcia.c
v3_pcons.c Update copyright year 2021-04-08 13:04:41 +01:00
v3_pku.c Update copyright year 2021-04-08 13:04:41 +01:00
v3_pmaps.c Update copyright year 2021-04-08 13:04:41 +01:00
v3_prn.c
v3_purp.c Improve the documentation of cert path building and validation 2021-06-08 07:47:41 +02:00
v3_san.c
v3_skid.c x509: remove most references to EVP_sha1() 2021-04-21 09:27:51 +10:00
v3_sxnet.c Update copyright year 2021-04-08 13:04:41 +01:00
v3_tlsf.c Update copyright year 2021-04-08 13:04:41 +01:00
v3_utf8.c
v3_utl.c x509: remove TODOs 2021-06-02 16:30:15 +10:00
v3err.c Update copyright year 2021-06-17 13:24:59 +01:00
x509_att.c Update copyright year 2021-04-08 13:04:41 +01:00
x509_cmp.c x509: improve error reporting 2021-06-30 13:53:49 +10:00
x509_d2.c
x509_def.c
x509_err.c Update copyright year 2021-06-17 13:24:59 +01:00
x509_ext.c
x509_local.h Update copyright year 2021-04-08 13:04:41 +01:00
x509_lu.c x509: remove TODOs 2021-06-02 16:30:15 +10:00
x509_meth.c
x509_obj.c
x509_r2x.c
x509_req.c
x509_set.c Rename all getters to use get/get0 in name 2021-06-01 12:40:00 +02:00
x509_trust.c x509_trs.c: rename to x509_trust.c and correct comment in trust_compat() 2021-06-08 07:47:18 +02:00
x509_txt.c
x509_v3.c
x509_vfy.c cross-reference the DH and RSA SECLEVEL to level of security mappings 2021-06-23 09:26:15 +10:00
x509_vpm.c Inherit hostflags verify params even without hosts 2021-04-09 08:32:38 +10:00
x509cset.c Update copyright year 2021-04-08 13:04:41 +01:00
x509name.c
x509rset.c
x509spki.c Update copyright year 2021-04-22 14:38:44 +01:00
x509type.c Update copyright year 2021-06-17 13:24:59 +01:00
x_all.c X509_digest_sig(): Improve default hash for EdDSA and allow to return the chosen default 2021-06-16 14:30:35 +01:00
x_attrib.c
x_crl.c Add some additional NULL checks to prevent segfaults. 2021-04-14 16:05:00 +10:00
x_exten.c
x_name.c Update copyright year 2021-04-22 14:38:44 +01:00
x_pubkey.c coverity #1486531: return error properly from x509_pubkey_ex_new_ex() 2021-06-29 18:41:45 +02:00
x_req.c Ensure libctx/propq is propagated when handling X509_REQ 2021-06-05 17:39:27 +10:00
x_x509.c d2i_X509: revert calling X509v3_cache_extensions() 2021-06-12 10:37:04 +02:00
x_x509a.c x509: address NULL dereference and memory leaks 2021-06-26 11:33:52 +10:00