mirror/openssl
2
0
Fork 0
mirror of https://github.com/openssl/openssl.git synced 2025-01-18 13:44:20 +08:00
Code Issues Packages Projects Releases Wiki Activity
c5dc9ab965
openssl/crypto/x509
History
Ingo Schwarze c5dc9ab965 Fix a read buffer overrun in X509_aux_print(). 
The ASN1_STRING_get0_data(3) manual explitely cautions the reader
that the data is not necessarily NUL-terminated, and the function
X509_alias_set1(3) does not sanitize the data passed into it in any
way either, so we must assume the return value from X509_alias_get0(3)
is merely a byte array and not necessarily a string in the sense
of the C language.

I found this bug while writing manual pages for X509_print_ex(3)
and related functions.  Theo Buehler <tb@openbsd.org> checked my
patch to fix the same bug in LibreSSL, see

http://cvsweb.openbsd.org/src/lib/libcrypto/asn1/t_x509a.c#rev1.9

As an aside, note that the function still produces incomplete and
misleading results when the data contains a NUL byte in the middle
and that error handling is consistently absent throughout, even
though the function provides an "int" return value obviously intended
to be 1 for success and 0 for failure, and even though this function
is called by another function that also wants to return 1 for success
and 0 for failure and even does so in many of its code paths, though
not in others.  But let's stay focussed.  Many things would be nice
to have in the wide wild world, but a buffer overflow must not be
allowed to remain in our backyard.

CLA: trivial

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16108)
2021-07-20 09:40:56 +02:00
..
build.info x509_trs.c: rename to x509_trust.c and correct comment in trust_compat() 2021-06-08 07:47:18 +02:00
by_dir.c Corrected missing definitions from NonStop SPT build. 2021-04-01 15:52:25 +02:00
by_file.c Update copyright year 2021-05-20 14:22:33 +01:00
by_store.c Make the -inform option to be respected if possible 2021-05-06 11:43:32 +01:00
ext_dat.h Update copyright year 2021-04-08 13:04:41 +01:00
pcy_cache.c Update copyright year 2021-04-08 13:04:41 +01:00
pcy_data.c Update copyright year 2021-04-08 13:04:41 +01:00
pcy_lib.c Fix safestack issues in x509v3.h 2020-09-13 11:09:45 +01:00
pcy_local.h Update copyright year 2021-04-08 13:04:41 +01:00
pcy_map.c Update copyright year 2021-04-08 13:04:41 +01:00
pcy_node.c Update copyright year 2021-04-08 13:04:41 +01:00
pcy_tree.c Add ossl_ symbol to x509 policy 2021-03-18 17:52:37 +10:00
standard_exts.h Update copyright year 2021-04-08 13:04:41 +01:00
t_crl.c Update copyright year 2021-05-06 13:03:23 +01:00
t_req.c Add X509 version constants. 2021-04-28 11:40:06 +02:00
t_x509.c Fix a read buffer overrun in X509_aux_print(). 2021-07-20 09:40:56 +02:00
v3_addr.c x509: remove TODOs 2021-06-02 16:30:15 +10:00
v3_admis.c Update copyright year 2021-04-08 13:04:41 +01:00
v3_admis.h Fix header file include guard names 2019-09-28 20:26:36 +02:00
v3_akeya.c Join the x509 and x509v3 directories 2019-05-29 09:32:50 +02:00
v3_akid.c Add ossl_v3 symbols 2021-03-18 17:52:37 +10:00
v3_asid.c Update copyright year 2021-04-08 13:04:41 +01:00
v3_bcons.c x509: remove TODOs 2021-06-02 16:30:15 +10:00
v3_bitst.c Update copyright year 2021-04-08 13:04:41 +01:00
v3_conf.c Add NCONF_get_section_names() 2021-06-02 12:40:02 +10:00
v3_cpols.c Update copyright year 2021-04-08 13:04:41 +01:00
v3_crld.c Update copyright year 2021-04-08 13:04:41 +01:00
v3_enum.c Update copyright year 2021-04-08 13:04:41 +01:00
v3_extku.c Update copyright year 2021-04-08 13:04:41 +01:00
v3_genn.c Correctly compare EdiPartyName in GENERAL_NAME_cmp() 2020-12-08 10:16:50 +00:00
v3_ia5.c Add more negative checks for integers passed to OPENSSL_malloc(). 2021-04-16 12:10:08 +10:00
v3_info.c Update copyright year 2021-04-08 13:04:41 +01:00
v3_int.c Update copyright year 2021-04-08 13:04:41 +01:00
v3_ist.c Update copyright year 2021-04-08 13:04:41 +01:00
v3_lib.c Convert all {NAME}err() in crypto/ to their corresponding ERR_raise() call 2020-11-13 09:35:02 +01:00
v3_ncons.c Check that we got the expected name type when verifying name constraints 2021-06-04 17:18:31 +01:00
v3_pci.c Update copyright year 2021-04-08 13:04:41 +01:00
v3_pcia.c Join the x509 and x509v3 directories 2019-05-29 09:32:50 +02:00
v3_pcons.c Update copyright year 2021-04-08 13:04:41 +01:00
v3_pku.c Update copyright year 2021-04-08 13:04:41 +01:00
v3_pmaps.c Update copyright year 2021-04-08 13:04:41 +01:00
v3_prn.c Fix safestack issues in conf.h 2020-09-13 11:11:20 +01:00
v3_purp.c Improve the documentation of cert path building and validation 2021-06-08 07:47:41 +02:00
v3_san.c Add ossl_v3 symbols 2021-03-18 17:52:37 +10:00
v3_skid.c x509: remove most references to EVP_sha1() 2021-04-21 09:27:51 +10:00
v3_sxnet.c Update copyright year 2021-04-08 13:04:41 +01:00
v3_tlsf.c Update copyright year 2021-04-08 13:04:41 +01:00
v3_utf8.c Add ossl_v3 symbols 2021-03-18 17:52:37 +10:00
v3_utl.c x509: remove TODOs 2021-06-02 16:30:15 +10:00
v3err.c Update copyright year 2021-06-17 13:24:59 +01:00
x509_att.c Update copyright year 2021-04-08 13:04:41 +01:00
x509_cmp.c x509: improve error reporting 2021-06-30 13:53:49 +10:00
x509_d2.c Rename OPENSSL_CTX prefix to OSSL_LIB_CTX 2020-10-15 11:59:53 +01:00
x509_def.c
x509_err.c Update copyright year 2021-06-17 13:24:59 +01:00
x509_ext.c Reorganize private crypto header files 2019-09-28 20:26:34 +02:00
x509_local.h Update copyright year 2021-04-08 13:04:41 +01:00
x509_lu.c x509: remove TODOs 2021-06-02 16:30:15 +10:00
x509_meth.c Update copyright year 2020-11-26 14:18:57 +00:00
x509_obj.c Convert all {NAME}err() in crypto/ to their corresponding ERR_raise() call 2020-11-13 09:35:02 +01:00
x509_r2x.c Convert all {NAME}err() in crypto/ to their corresponding ERR_raise() call 2020-11-13 09:35:02 +01:00
x509_req.c Fix usages of const EVP_MD. 2021-03-22 15:40:04 +01:00
x509_set.c Rename all getters to use get/get0 in name 2021-06-01 12:40:00 +02:00
x509_trust.c x509_trs.c: rename to x509_trust.c and correct comment in trust_compat() 2021-06-08 07:47:18 +02:00
x509_txt.c Disallow certs with explicit curve in verification chain 2020-09-17 17:15:15 +02:00
x509_v3.c Convert all {NAME}err() in crypto/ to their corresponding ERR_raise() call 2020-11-13 09:35:02 +01:00
x509_vfy.c cross-reference the DH and RSA SECLEVEL to level of security mappings 2021-06-23 09:26:15 +10:00
x509_vpm.c Inherit hostflags verify params even without hosts 2021-04-09 08:32:38 +10:00
x509cset.c Update copyright year 2021-04-08 13:04:41 +01:00
x509name.c CRYPTO: refactor ERR_raise()+ERR_add_error_data() to ERR_raise_data() 2020-11-13 09:35:31 +01:00
x509rset.c Update copyright year 2020-04-23 13:55:52 +01:00
x509spki.c Update copyright year 2021-04-22 14:38:44 +01:00
x509type.c Update copyright year 2021-06-17 13:24:59 +01:00
x_all.c X509_digest_sig(): Improve default hash for EdDSA and allow to return the chosen default 2021-06-16 14:30:35 +01:00
x_attrib.c Fix NULL pointer access caused by X509_ATTRIBUTE_create() 2020-12-21 15:25:59 +01:00
x_crl.c Add some additional NULL checks to prevent segfaults. 2021-04-14 16:05:00 +10:00
x_exten.c Reorganize local header files 2019-09-28 20:26:35 +02:00
x_name.c Update copyright year 2021-04-22 14:38:44 +01:00
x_pubkey.c coverity #1486531: return error properly from x509_pubkey_ex_new_ex() 2021-06-29 18:41:45 +02:00
x_req.c Ensure libctx/propq is propagated when handling X509_REQ 2021-06-05 17:39:27 +10:00
x_x509.c d2i_X509: revert calling X509v3_cache_extensions() 2021-06-12 10:37:04 +02:00
x_x509a.c x509: address NULL dereference and memory leaks 2021-06-26 11:33:52 +10:00