mirror/openssl
2
0
Fork 0
mirror of https://github.com/openssl/openssl.git synced 2025-01-18 13:44:20 +08:00
Code Issues Packages Projects Releases Wiki Activity
de53817ec3
openssl/crypto/x509
History
Clemens Lang de53817ec3 x509: Fix possible use-after-free when OOM 
ossl_policy_level_add_node() first adds the new node to the level->nodes
stack, and then attempts to add extra data if extra_data is true. If
memory allocation or adding the extra data to tree->extra_data fails,
the allocated node (that has already been added to the level->nodes
stack) is freed using ossl_policy_node_free(), which leads to
a potential use after free.

Additionally, the tree's node count and the parent's child count would
not be updated, despite the new node being added.

Fix this by either performing the function's purpose completely, or not
at all by reverting the changes on error.

Signed-off-by: Clemens Lang <cllang@redhat.com>

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21040)
2023-05-29 14:52:26 +02:00
..
build.info
by_dir.c x509: sort stacks before finds 2023-05-01 17:14:42 +10:00
by_file.c
by_store.c
ext_dat.h
pcy_cache.c x509: sort stacks before finds 2023-05-01 17:14:42 +10:00
pcy_data.c
pcy_lib.c
pcy_local.h x509: excessive resource use verifying policy constraints 2023-03-22 11:24:45 +11:00
pcy_map.c x509: fix double locking problem 2022-12-08 11:10:58 +01:00
pcy_node.c x509: Fix possible use-after-free when OOM 2023-05-29 14:52:26 +02:00
pcy_tree.c x509: sort stacks before finds 2023-05-01 17:14:42 +10:00
standard_exts.h
t_crl.c
t_req.c
t_x509.c
v3_addr.c x509: sort stacks before finds 2023-05-01 17:14:42 +10:00
v3_admis.c Fix incorrect error return value in i2r_ADMISSION_SYNTAX() 2023-01-19 14:15:19 +01:00
v3_admis.h
v3_akeya.c
v3_akid.c
v3_asid.c
v3_bcons.c
v3_bitst.c
v3_conf.c
v3_cpols.c
v3_crld.c
v3_enum.c
v3_extku.c
v3_genn.c Fix GENERAL_NAME_cmp for x400Address (master) 2023-02-07 17:05:10 +01:00
v3_ia5.c
v3_info.c
v3_int.c
v3_ist.c
v3_lib.c x509: sort stacks before finds 2023-05-01 17:14:42 +10:00
v3_ncons.c Fix type confusion in nc_match_single() 2023-02-07 17:05:10 +01:00
v3_pci.c
v3_pcia.c
v3_pcons.c
v3_pku.c
v3_pmaps.c
v3_prn.c
v3_purp.c x509/v3_purp.c: rename 'require_ca' parameters to the more adequate 'non_leaf' 2022-11-18 15:10:01 +01:00
v3_san.c
v3_skid.c
v3_sxnet.c
v3_tlsf.c
v3_utf8.c
v3_utl.c
v3err.c
x509_att.c
x509_cmp.c
x509_d2.c
x509_def.c
x509_err.c
x509_ext.c
x509_local.h
x509_lu.c x509: sort stacks prior to searching 2023-04-28 09:24:06 +02:00
x509_meth.c
x509_obj.c
x509_r2x.c
x509_req.c
x509_set.c first cut at sigalg loading 2023-02-24 11:02:48 +11:00
x509_trust.c x509: sort stacks before finds 2023-05-01 17:14:42 +10:00
x509_txt.c RFC7250 (RPK) support 2023-03-28 13:49:54 -04:00
x509_v3.c Refine the documents of several APIs 2022-12-16 18:59:28 +01:00
x509_vfy.c Fix checking return code of EVP_PKEY_get_int_param at check_curve 2023-04-21 10:17:52 +02:00
x509_vpm.c x509: sort stacks before finds 2023-05-01 17:14:42 +10:00
x509cset.c X509{,_CRL,_REVOKED}_{set,sign}*(): fix 'modified' field and return values 2023-01-24 15:16:25 +01:00
x509name.c Refine the documents of several APIs 2022-12-16 18:59:28 +01:00
x509rset.c
x509spki.c
x509type.c
x_all.c APPS: generated certs bear X.509 V3, unless -x509v1 option of req app is given 2023-01-24 15:16:47 +01:00
x_attrib.c
x_crl.c
x_exten.c
x_name.c
x_pubkey.c Do not create DSA keys without parameters by decoder 2023-02-07 17:05:10 +01:00
x_req.c
x_x509.c
x_x509a.c