[openssl-commits] [openssl] master update

Dr. Stephen Henson steve at openssl.org
Fri Apr 29 18:48:40 UTC 2016


The branch master has been updated
       via  77076dc944f76e821e4eae3a6563b853ce00c0ed (commit)
       via  b33d1141b6dcce947708b984c5e9e91dad3d675d (commit)
       via  295f3a24919157e2f9021d0b1709353710ad63db (commit)
      from  3cd3f0024bd432f5396979757a5cf075cc0955d2 (commit)


- Log -----------------------------------------------------------------
commit 77076dc944f76e821e4eae3a6563b853ce00c0ed
Author: Dr. Stephen Henson <steve at openssl.org>
Date:   Thu Apr 28 19:45:44 2016 +0100

    Add checks to X509_NAME_oneline()
    
    Sanity check field lengths and sums to avoid potential overflows and reject
    excessively large X509_NAME structures.
    
    Issue reported by Guido Vranken.
    
    Reviewed-by: Matt Caswell <matt at openssl.org>

commit b33d1141b6dcce947708b984c5e9e91dad3d675d
Author: Dr. Stephen Henson <steve at openssl.org>
Date:   Thu Apr 28 13:09:27 2016 +0100

    Sanity check buffer length.
    
    Reject zero length buffers passed to X509_NAME_onelne().
    
    Issue reported by Guido Vranken.
    
    Reviewed-by: Matt Caswell <matt at openssl.org>

commit 295f3a24919157e2f9021d0b1709353710ad63db
Author: Dr. Stephen Henson <steve at openssl.org>
Date:   Thu Apr 28 12:55:29 2016 +0100

    Add size limit to X509_NAME structure.
    
    This adds an explicit limit to the size of an X509_NAME structure. Some
    part of OpenSSL (e.g. TLS) already effectively limit the size due to
    restrictions on certificate size.
    
    Reviewed-by: Matt Caswell <matt at openssl.org>

-----------------------------------------------------------------------

Summary of changes:
 crypto/x509/x509_err.c | 60 +++++++-------------------------------------------
 crypto/x509/x509_obj.c | 18 +++++++++++++++
 crypto/x509/x_name.c   | 11 +++++++++
 include/openssl/x509.h |  1 +
 4 files changed, 38 insertions(+), 52 deletions(-)

diff --git a/crypto/x509/x509_err.c b/crypto/x509/x509_err.c
index d140d52..3f5f63d 100644
--- a/crypto/x509/x509_err.c
+++ b/crypto/x509/x509_err.c
@@ -1,56 +1,11 @@
-/* ====================================================================
- * Copyright (c) 1999-2016 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
  *
- */
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+*/
 
 /*
  * NOTE: this file was auto generated by the mkerr.pl script: any changes
@@ -156,6 +111,7 @@ static ERR_STRING_DATA X509_str_reasons[] = {
     {ERR_REASON(X509_R_LOADING_CERT_DIR), "loading cert dir"},
     {ERR_REASON(X509_R_LOADING_DEFAULTS), "loading defaults"},
     {ERR_REASON(X509_R_METHOD_NOT_SUPPORTED), "method not supported"},
+    {ERR_REASON(X509_R_NAME_TOO_LONG), "name too long"},
     {ERR_REASON(X509_R_NEWER_CRL_NOT_NEWER), "newer crl not newer"},
     {ERR_REASON(X509_R_NO_CERT_SET_FOR_US_TO_VERIFY),
      "no cert set for us to verify"},
diff --git a/crypto/x509/x509_obj.c b/crypto/x509/x509_obj.c
index ac871b4..f6c348f 100644
--- a/crypto/x509/x509_obj.c
+++ b/crypto/x509/x509_obj.c
@@ -63,6 +63,13 @@
 #include <openssl/buffer.h>
 #include "internal/x509_int.h"
 
+/*
+ * Limit to ensure we don't overflow: much greater than
+ * anything enountered in practice.
+ */
+
+#define NAME_ONELINE_MAX    (1024 * 1024)
+
 char *X509_NAME_oneline(X509_NAME *a, char *buf, int len)
 {
     X509_NAME_ENTRY *ne;
@@ -86,6 +93,8 @@ char *X509_NAME_oneline(X509_NAME *a, char *buf, int len)
             goto err;
         b->data[0] = '\0';
         len = 200;
+    } else if (len == 0) {
+        return NULL;
     }
     if (a == NULL) {
         if (b) {
@@ -110,6 +119,10 @@ char *X509_NAME_oneline(X509_NAME *a, char *buf, int len)
 
         type = ne->value->type;
         num = ne->value->length;
+        if (num > NAME_ONELINE_MAX) {
+            X509err(X509_F_X509_NAME_ONELINE, X509_R_NAME_TOO_LONG);
+            goto end;
+        }
         q = ne->value->data;
 #ifdef CHARSET_EBCDIC
         if (type == V_ASN1_GENERALSTRING ||
@@ -154,6 +167,10 @@ char *X509_NAME_oneline(X509_NAME *a, char *buf, int len)
 
         lold = l;
         l += 1 + l1 + 1 + l2;
+        if (l > NAME_ONELINE_MAX) {
+            X509err(X509_F_X509_NAME_ONELINE, X509_R_NAME_TOO_LONG);
+            goto end;
+        }
         if (b != NULL) {
             if (!BUF_MEM_grow(b, l + 1))
                 goto err;
@@ -206,6 +223,7 @@ char *X509_NAME_oneline(X509_NAME *a, char *buf, int len)
     return (p);
  err:
     X509err(X509_F_X509_NAME_ONELINE, ERR_R_MALLOC_FAILURE);
+ end:
     BUF_MEM_free(b);
     return (NULL);
 }
diff --git a/crypto/x509/x_name.c b/crypto/x509/x_name.c
index cd6c719..72682fe 100644
--- a/crypto/x509/x_name.c
+++ b/crypto/x509/x_name.c
@@ -64,6 +64,13 @@
 #include "internal/asn1_int.h"
 #include "x509_lcl.h"
 
+/*
+ * Maximum length of X509_NAME: much larger than anything we should
+ * ever see in practice.
+ */
+
+#define X509_NAME_MAX (1024 * 1024)
+
 static int x509_name_ex_d2i(ASN1_VALUE **val,
                             const unsigned char **in, long len,
                             const ASN1_ITEM *it,
@@ -187,6 +194,10 @@ static int x509_name_ex_d2i(ASN1_VALUE **val,
     int i, j, ret;
     STACK_OF(X509_NAME_ENTRY) *entries;
     X509_NAME_ENTRY *entry;
+    if (len > X509_NAME_MAX) {
+        ASN1err(ASN1_F_X509_NAME_EX_D2I, ASN1_R_TOO_LONG);
+        return 0;
+    }
     q = p;
 
     /* Get internal representation of Name */
diff --git a/include/openssl/x509.h b/include/openssl/x509.h
index a36500c..009ee6a 100644
--- a/include/openssl/x509.h
+++ b/include/openssl/x509.h
@@ -1122,6 +1122,7 @@ void ERR_load_X509_strings(void);
 # define X509_R_LOADING_CERT_DIR                          103
 # define X509_R_LOADING_DEFAULTS                          104
 # define X509_R_METHOD_NOT_SUPPORTED                      124
+# define X509_R_NAME_TOO_LONG                             134
 # define X509_R_NEWER_CRL_NOT_NEWER                       132
 # define X509_R_NO_CERT_SET_FOR_US_TO_VERIFY              105
 # define X509_R_NO_CRL_NUMBER                             130


More information about the openssl-commits mailing list