mirror of
https://github.com/openssl/openssl.git
synced 2024-12-15 06:01:37 +08:00
a552c23c65
In the event that a config file contains this sequence: ======= openssl_conf = openssl_init config_diagnostics = 1 [openssl_init] oid_section = oids [oids] testoid1 = 1.2.3.4.1 testoid2 = A Very Long OID Name, 1.2.3.4.2 testoid3 = ,1.2.3.4.3 ====== The leading comma in testoid3 can cause a heap buffer overflow, as the parsing code will move the string pointer back 1 character, thereby pointing to an invalid memory space correct the parser to detect this condition and handle it by treating it as if the comma doesn't exist (i.e. an empty long oid name) Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22957)
27 lines
791 B
Perl
27 lines
791 B
Perl
#! /usr/bin/env perl
|
|
# Copyright 2023 The OpenSSL Project Authors. All Rights Reserved.
|
|
#
|
|
# Licensed under the Apache License 2.0 (the "License"). You may not use
|
|
# this file except in compliance with the License. You can obtain a copy
|
|
# in the file LICENSE in the source distribution or at
|
|
# https://www.openssl.org/source/license.html
|
|
|
|
use strict;
|
|
use OpenSSL::Test qw(:DEFAULT srctop_file);
|
|
use OpenSSL::Test::Utils;
|
|
|
|
setup("test_asn1_parse");
|
|
|
|
plan tests => 3;
|
|
|
|
$ENV{OPENSSL_CONF} = srctop_file("test", "test_asn1_parse.cnf");
|
|
|
|
ok(run(app(([ 'openssl', 'asn1parse',
|
|
'-genstr', 'OID:1.2.3.4.1']))));
|
|
|
|
ok(run(app(([ 'openssl', 'asn1parse',
|
|
'-genstr', 'OID:1.2.3.4.2']))));
|
|
|
|
ok(run(app(([ 'openssl', 'asn1parse',
|
|
'-genstr', 'OID:1.2.3.4.3']))));
|