c4b2c53fad
When X509_ATTRIBUTE_create() receives an invalid NID (e.g., -1), return failure rather than silently constructing a broken X509_ATTRIBUTE object that might cause NULL pointer accesses later on. This matters because X509_ATTRIBUTE_create() is used by API functions like PKCS7_add_attribute(3) and the NID comes straight from the user. This bug was found while working on LibreSSL documentation. Reviewed-by: Theo Buehler <tb@openbsd.org> CLA: trivial Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/12052)
59 lines
1.5 KiB
C
/*
 * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */
#include <stdio.h>
#include "internal/cryptlib.h"
#include <openssl/objects.h>
#include <openssl/asn1t.h>
#include <openssl/x509.h>
#include "x509_local.h"
/*-
 * X509_ATTRIBUTE: this has the following form:
 *
 * typedef struct x509_attributes_st
 *      {
 *      ASN1_OBJECT *object;
 *      STACK_OF(ASN1_TYPE) *set;
 *      } X509_ATTRIBUTE;
 *
 */
/*
 * ASN.1 template for X509_ATTRIBUTE: a SEQUENCE made of the attribute type
 * (field "object", an ASN1_OBJECT) followed by a SET OF values (field "set").
 *
 * The set elements are declared as ASN1_ANY, so this template places no
 * restriction on what kind of value an attribute carries.  Code that reads
 * entries out of "set" should check each ASN1_TYPE's type before using its
 * value.
 */
ASN1_SEQUENCE(X509_ATTRIBUTE) = {
        ASN1_SIMPLE(X509_ATTRIBUTE, object, ASN1_OBJECT),
        ASN1_SET_OF(X509_ATTRIBUTE, set, ASN1_ANY)
} ASN1_SEQUENCE_END(X509_ATTRIBUTE)
/*
 * Generate the standard helpers from the X509_ATTRIBUTE template:
 * X509_ATTRIBUTE_new(), X509_ATTRIBUTE_free(), d2i_X509_ATTRIBUTE() and
 * i2d_X509_ATTRIBUTE(), plus X509_ATTRIBUTE_dup() from the DUP macro.
 * X509_ATTRIBUTE_create() in this file relies on the new/free pair.
 */
IMPLEMENT_ASN1_FUNCTIONS(X509_ATTRIBUTE)
IMPLEMENT_ASN1_DUP_FUNCTION(X509_ATTRIBUTE)
/*
 * Create an X509_ATTRIBUTE whose type is the object registered for |nid| and
 * whose value set holds a single ASN1_TYPE built from |atrtype| and |value|.
 *
 * Returns the new attribute, or NULL when OBJ_nid2obj() has no object for
 * |nid| (for example an invalid NID such as -1), or when allocating the
 * attribute, allocating the ASN1_TYPE, or pushing it onto the set fails.
 * The NID lookup happens before anything is allocated, so a bad NID never
 * produces a half-built attribute.
 *
 * Ownership of |value|: it is handed to ASN1_TYPE_set() only after every
 * failure point has been passed.  On a NULL return this function has not
 * touched |value| and the caller still owns it.  On success the pointer has
 * been given to ASN1_TYPE_set(); OpenSSL documents that call as storing the
 * pointer rather than copying it, so the caller should not free |value|
 * afterwards.
 *
 * |atrtype| and |value| are not checked against each other here.  Callers
 * that derive either from untrusted input must make sure |value| really
 * points to the kind of object |atrtype| names.
 */
X509_ATTRIBUTE *X509_ATTRIBUTE_create(int nid, int atrtype, void *value)
{
    X509_ATTRIBUTE *attr;
    ASN1_TYPE *item;
    ASN1_OBJECT *obj = OBJ_nid2obj(nid);

    /* Reject NIDs that do not map to an object before allocating. */
    if (obj == NULL)
        return NULL;

    attr = X509_ATTRIBUTE_new();
    if (attr == NULL)
        return NULL;
    attr->object = obj;

    /*
     * The value container is attached to the set while still empty; if either
     * step fails, |item| is not owned by the set and is released separately
     * (ASN1_TYPE_free() is called with NULL when the allocation itself failed).
     */
    item = ASN1_TYPE_new();
    if (item == NULL || !sk_ASN1_TYPE_push(attr->set, item)) {
        X509_ATTRIBUTE_free(attr);
        ASN1_TYPE_free(item);
        return NULL;
    }

    /* Last step, cannot fail: from here on |value| belongs to the attribute. */
    ASN1_TYPE_set(item, atrtype, value);
    return attr;
}