mirror of
https://github.com/openssl/openssl.git
synced 2024-12-15 06:01:37 +08:00
682fd21afb
If a malformed config file is provided such as the following: openssl_conf = openssl_init [openssl_init] providers = provider_sect [provider_sect] = provider_sect The config parsing library will crash overflowing the stack, as it recursively parses the same provider_sect ad nauseum. Prevent this by maintaing a list of visited nodes as we recurse through referenced sections, and erroring out in the event we visit any given section node more than once. Note, adding the test for this revealed that our diagnostic code inadvertently pops recorded errors off the error stack because provider_conf_load returns success even in the event that a configuration parse failed. The call path to provider_conf_load has been updated in this commit to address that shortcoming, allowing recorded errors to be visibile to calling applications. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22898)
92 lines
2.1 KiB
C
92 lines
2.1 KiB
C
/*
|
|
* Copyright 2021 The OpenSSL Project Authors. All Rights Reserved.
|
|
*
|
|
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
|
* this file except in compliance with the License. You can obtain a copy
|
|
* in the file LICENSE in the source distribution or at
|
|
* https://www.openssl.org/source/license.html
|
|
*/
|
|
|
|
#include <openssl/evp.h>
|
|
#include <openssl/conf.h>
|
|
#include "testutil.h"
|
|
|
|
static char *configfile = NULL;
|
|
static char *recurseconfigfile = NULL;
|
|
|
|
/*
|
|
* Test to make sure there are no leaks or failures from loading the config
|
|
* file twice.
|
|
*/
|
|
static int test_double_config(void)
|
|
{
|
|
OSSL_LIB_CTX *ctx = OSSL_LIB_CTX_new();
|
|
int testresult = 0;
|
|
EVP_MD *sha256 = NULL;
|
|
|
|
if (!TEST_ptr(configfile))
|
|
return 0;
|
|
if (!TEST_ptr(ctx))
|
|
return 0;
|
|
|
|
if (!TEST_true(OSSL_LIB_CTX_load_config(ctx, configfile)))
|
|
return 0;
|
|
if (!TEST_true(OSSL_LIB_CTX_load_config(ctx, configfile)))
|
|
return 0;
|
|
|
|
/* Check we can actually fetch something */
|
|
sha256 = EVP_MD_fetch(ctx, "SHA2-256", NULL);
|
|
if (!TEST_ptr(sha256))
|
|
goto err;
|
|
|
|
testresult = 1;
|
|
err:
|
|
EVP_MD_free(sha256);
|
|
OSSL_LIB_CTX_free(ctx);
|
|
return testresult;
|
|
}
|
|
|
|
static int test_recursive_config(void)
|
|
{
|
|
OSSL_LIB_CTX *ctx = OSSL_LIB_CTX_new();
|
|
int testresult = 0;
|
|
unsigned long err;
|
|
|
|
if (!TEST_ptr(recurseconfigfile))
|
|
goto err;
|
|
|
|
if (!TEST_ptr(ctx))
|
|
goto err;
|
|
|
|
if (!TEST_false(OSSL_LIB_CTX_load_config(ctx, recurseconfigfile)))
|
|
goto err;
|
|
|
|
err = ERR_peek_error();
|
|
/* We expect to get a recursion error here */
|
|
if (ERR_GET_REASON(err) == CONF_R_RECURSIVE_SECTION_REFERENCE)
|
|
testresult = 1;
|
|
err:
|
|
OSSL_LIB_CTX_free(ctx);
|
|
return testresult;
|
|
}
|
|
|
|
OPT_TEST_DECLARE_USAGE("configfile\n")
|
|
|
|
int setup_tests(void)
|
|
{
|
|
if (!test_skip_common_options()) {
|
|
TEST_error("Error parsing test options\n");
|
|
return 0;
|
|
}
|
|
|
|
if (!TEST_ptr(configfile = test_get_argument(0)))
|
|
return 0;
|
|
|
|
if (!TEST_ptr(recurseconfigfile = test_get_argument(1)))
|
|
return 0;
|
|
|
|
ADD_TEST(test_recursive_config);
|
|
ADD_TEST(test_double_config);
|
|
return 1;
|
|
}
|