[openssl-commits] [openssl] master update
Rich Salz
rsalz at openssl.org
Thu Mar 10 01:52:21 UTC 2016
The branch master has been updated
via a1673e1536729d49cb758b988ac7be368e9b1fdb (commit)
via 80e8fdbe793c8861411e9f49ea290847fa99f4c7 (commit)
from b805b4440dbda5444da2426c98ccd40f93d8cfa5 (commit)
- Log -----------------------------------------------------------------
commit a1673e1536729d49cb758b988ac7be368e9b1fdb
Author: Benjamin Kaduk <bkaduk at akamai.com>
Date: Tue Mar 8 16:44:57 2016 -0600
Avoid negative array index in BIO_debug_callback()
BIO_snprintf() can return -1 on truncation (and overflow as of commit
9cb177301fdab492e4cfef376b28339afe3ef663). Though neither can
realistically occur while printing a pointer and short fixed string into
a buffer of length 256, the analysis to confirm that this is the case goes
somewhat far up the call chain, and not all static analyzers can
successfully follow the chain of logic.
It's easy enough to clamp the returned length to be nonnegative before
continuing, which appeases the static analyzer and does not harm the
subsequent code.
Reviewed-by: Richard Levitte <levitte at openssl.org>
Reviewed-by: Rich Salz <rsalz at openssl.org>
commit 80e8fdbe793c8861411e9f49ea290847fa99f4c7
Author: Benjamin Kaduk <bkaduk at akamai.com>
Date: Tue Mar 8 15:53:49 2016 -0600
CT: check some GeneralizedTime return values
Some of the ASN.1 routines for the GeneralizedTime type can return
errors; check for these and do not continue past failure, so as
to appease coverity.
Reviewed-by: Richard Levitte <levitte at openssl.org>
Reviewed-by: Rich Salz <rsalz at openssl.org>
-----------------------------------------------------------------------
Summary of changes:
crypto/bio/bio_cb.c | 3 +++
crypto/ct/ct_prn.c | 6 ++++--
2 files changed, 7 insertions(+), 2 deletions(-)
diff --git a/crypto/bio/bio_cb.c b/crypto/bio/bio_cb.c
index 4d3365e..ec484b6 100644
--- a/crypto/bio/bio_cb.c
+++ b/crypto/bio/bio_cb.c
@@ -77,6 +77,9 @@ long BIO_debug_callback(BIO *bio, int cmd, const char *argp,
len = BIO_snprintf(buf,sizeof buf,"BIO[%p]: ",(void *)bio);
+ /* Ignore errors and continue printing the other information. */
+ if (len < 0)
+ len = 0;
p = buf + len;
p_maxlen = sizeof(buf) - len;
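Review bot: With len clamped to 0 by the new `if (len < 0)` check, `p = buf + len` points back at the start of buf, so whatever the following code writes replaces the "BIO[%p]: " prefix instead of following it. That is memory-safe, but the comment "Ignore errors and continue printing the other information" could state that the prefix is dropped in this case, so a reader does not assume a partial prefix survives.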
diff --git a/crypto/ct/ct_prn.c b/crypto/ct/ct_prn.c
index bb669d5..c2e11b1 100644
--- a/crypto/ct/ct_prn.c
+++ b/crypto/ct/ct_prn.c
@@ -80,6 +80,8 @@ static void timestamp_print(uint64_t timestamp, BIO *out)
ASN1_GENERALIZEDTIME *gen = ASN1_GENERALIZEDTIME_new();
char genstr[20];
+ if (gen == NULL)
+ return;
ASN1_GENERALIZEDTIME_adj(gen, (time_t)0,
(int)(timestamp / 86400000),
(timestamp % 86400000) / 1000);
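Review bot: The ASN1_GENERALIZEDTIME_adj() call immediately after the new NULL check still discards its return value, although the commit message says the GeneralizedTime routines can return errors. Consider checking it as well and freeing gen before returning on failure, so that the later ASN1_STRING_data(gen) is not read from a value that was never set. The early `return` also leaves the output without any timestamp text, which may be worth a short comment.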
@@ -89,8 +91,8 @@ static void timestamp_print(uint64_t timestamp, BIO *out)
*/
BIO_snprintf(genstr, sizeof(genstr), "%.14s.%03dZ",
ASN1_STRING_data(gen), (unsigned int)(timestamp % 1000));
- ASN1_GENERALIZEDTIME_set_string(gen, genstr);
- ASN1_GENERALIZEDTIME_print(out, gen);
+ if (ASN1_GENERALIZEDTIME_set_string(gen, genstr))
+ ASN1_GENERALIZEDTIME_print(out, gen);
ASN1_GENERALIZEDTIME_free(gen);
}
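Review bot: The BIO_snprintf() into genstr just above the changed lines is still unchecked, and its "%.14s.%03dZ" output needs 19 characters plus the terminator, which is exactly the 20 bytes of `char genstr[20]` declared in the previous hunk, so there is no slack if the format ever changes. Checking its return together with ASN1_GENERALIZEDTIME_set_string() would keep the failure handling in one place. Minor: `%03d` is passed an `(unsigned int)` argument; `%03u` would match the cast.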