[openssl-commits] [openssl] master update
paul.dale at oracle.com
paul.dale at oracle.com
Fri Jul 7 03:37:45 UTC 2017
The branch master has been updated
via 86ba26c80a49aee3c588d286d91eb3843529f7e2 (commit)
via b4df712acad6514efc8753d9aa8b5fe3a721c811 (commit)
from ab3e8f63154c7daea9e67846aa83b6e1de7f8969 (commit)
- Log -----------------------------------------------------------------
commit 86ba26c80a49aee3c588d286d91eb3843529f7e2
Author: Pauli <paul.dale at oracle.com>
Date: Fri Jul 7 10:17:59 2017 +1000
Address potential buffer overflows.
Reviewed-by: Rich Salz <rsalz at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3878)
commit b4df712acad6514efc8753d9aa8b5fe3a721c811
Author: Pauli <paul.dale at oracle.com>
Date: Fri Jul 7 07:29:55 2017 +1000
change return (x) to return x
Reviewed-by: Rich Salz <rsalz at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3878)
-----------------------------------------------------------------------
Summary of changes:
crypto/bn/bn_print.c | 59 +++++++++++++++++++++--------------------
crypto/mem_dbg.c | 74 ++++++++++++++++++++++++++++++++++++----------------
crypto/pem/pem_lib.c | 63 +++++++++++++++++++++++---------------------
3 files changed, 115 insertions(+), 81 deletions(-)
diff --git a/crypto/bn/bn_print.c b/crypto/bn/bn_print.c
index 708067a..9f84997 100644
--- a/crypto/bn/bn_print.c
+++ b/crypto/bn/bn_print.c
@@ -1,5 +1,5 @@
/*
- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -46,13 +46,13 @@ char *BN_bn2hex(const BIGNUM *a)
}
*p = '\0';
err:
- return (buf);
+ return buf;
}
/* Must 'OPENSSL_free' the returned data */
char *BN_bn2dec(const BIGNUM *a)
{
- int i = 0, num, ok = 0;
+ int i = 0, num, ok = 0, n, tbytes;
char *buf = NULL;
char *p;
BIGNUM *t = NULL;
@@ -67,9 +67,10 @@ char *BN_bn2dec(const BIGNUM *a)
*/
i = BN_num_bits(a) * 3;
num = (i / 10 + i / 1000 + 1) + 1;
+ tbytes = num + 3; /* negative and terminator and one spare? */
bn_data_num = num / BN_DEC_NUM + 1;
bn_data = OPENSSL_malloc(bn_data_num * sizeof(BN_ULONG));
- buf = OPENSSL_malloc(num + 3);
+ buf = OPENSSL_malloc(tbytes);
if ((buf == NULL) || (bn_data == NULL)) {
BNerr(BN_F_BN_BN2DEC, ERR_R_MALLOC_FAILURE);
goto err;
@@ -100,14 +101,16 @@ char *BN_bn2dec(const BIGNUM *a)
* the last one needs truncation. The blocks need to be reversed in
* order.
*/
- sprintf(p, BN_DEC_FMT1, *lp);
- while (*p)
- p++;
+ n = BIO_snprintf(p, tbytes - (size_t)(p - buf), BN_DEC_FMT1, *lp);
+ if (n < 0)
+ goto err;
+ p += n;
while (lp != bn_data) {
lp--;
- sprintf(p, BN_DEC_FMT2, *lp);
- while (*p)
- p++;
+ n = BIO_snprintf(p, tbytes - (size_t)(p - buf), BN_DEC_FMT2, *lp);
+ if (n < 0)
+ goto err;
+ p += n;
}
}
ok = 1;
@@ -128,7 +131,7 @@ int BN_hex2bn(BIGNUM **bn, const char *a)
int num;
if ((a == NULL) || (*a == '\0'))
- return (0);
+ return 0;
if (*a == '-') {
neg = 1;
@@ -143,12 +146,12 @@ int BN_hex2bn(BIGNUM **bn, const char *a)
num = i + neg;
if (bn == NULL)
- return (num);
+ return num;
/* a is the start of the hex digits, and it is 'i' long */
if (*bn == NULL) {
if ((ret = BN_new()) == NULL)
- return (0);
+ return 0;
} else {
ret = *bn;
BN_zero(ret);
@@ -186,11 +189,11 @@ int BN_hex2bn(BIGNUM **bn, const char *a)
/* Don't set the negative flag if it's zero. */
if (ret->top != 0)
ret->neg = neg;
- return (num);
+ return num;
err:
if (*bn == NULL)
BN_free(ret);
- return (0);
+ return 0;
}
int BN_dec2bn(BIGNUM **bn, const char *a)
@@ -201,7 +204,7 @@ int BN_dec2bn(BIGNUM **bn, const char *a)
int num;
if ((a == NULL) || (*a == '\0'))
- return (0);
+ return 0;
if (*a == '-') {
neg = 1;
a++;
@@ -215,7 +218,7 @@ int BN_dec2bn(BIGNUM **bn, const char *a)
num = i + neg;
if (bn == NULL)
- return (num);
+ return num;
/*
* a is the start of the digits, and it is 'i' long. We chop it into
@@ -223,7 +226,7 @@ int BN_dec2bn(BIGNUM **bn, const char *a)
*/
if (*bn == NULL) {
if ((ret = BN_new()) == NULL)
- return (0);
+ return 0;
} else {
ret = *bn;
BN_zero(ret);
@@ -256,11 +259,11 @@ int BN_dec2bn(BIGNUM **bn, const char *a)
/* Don't set the negative flag if it's zero. */
if (ret->top != 0)
ret->neg = neg;
- return (num);
+ return num;
err:
if (*bn == NULL)
BN_free(ret);
- return (0);
+ return 0;
}
int BN_asc2bn(BIGNUM **bn, const char *a)
@@ -290,11 +293,11 @@ int BN_print_fp(FILE *fp, const BIGNUM *a)
int ret;
if ((b = BIO_new(BIO_s_file())) == NULL)
- return (0);
+ return 0;
BIO_set_fp(b, fp, BIO_NOCLOSE);
ret = BN_print(b, a);
BIO_free(b);
- return (ret);
+ return ret;
}
# endif
@@ -320,7 +323,7 @@ int BN_print(BIO *bp, const BIGNUM *a)
}
ret = 1;
end:
- return (ret);
+ return ret;
}
char *BN_options(void)
@@ -331,12 +334,12 @@ char *BN_options(void)
if (!init) {
init++;
#ifdef BN_LLONG
- sprintf(data, "bn(%d,%d)",
- (int)sizeof(BN_ULLONG) * 8, (int)sizeof(BN_ULONG) * 8);
+ BIO_snprintf(data, sizeof(data), "bn(%zu,%zu)",
+ sizeof(BN_ULLONG) * 8, sizeof(BN_ULONG) * 8);
#else
- sprintf(data, "bn(%d,%d)",
- (int)sizeof(BN_ULONG) * 8, (int)sizeof(BN_ULONG) * 8);
+ BIO_snprintf(data, sizeof(data), "bn(%zu,%zu)",
+ sizeof(BN_ULONG) * 8, sizeof(BN_ULONG) * 8);
#endif
}
- return (data);
+ return data;
}
diff --git a/crypto/mem_dbg.c b/crypto/mem_dbg.c
index c0bb2be..70b5e62 100644
--- a/crypto/mem_dbg.c
+++ b/crypto/mem_dbg.c
@@ -1,5 +1,5 @@
/*
- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -183,7 +183,7 @@ int CRYPTO_mem_ctrl(int mode)
break;
}
CRYPTO_THREAD_unlock(malloc_lock);
- return (ret);
+ return ret;
#endif
}
@@ -206,7 +206,7 @@ static int mem_check_on(void)
CRYPTO_THREAD_unlock(malloc_lock);
}
- return (ret);
+ return ret;
}
static int mem_cmp(const MEM *a, const MEM *b)
@@ -231,7 +231,7 @@ static unsigned long mem_hash(const MEM *a)
ret = (size_t)a->addr;
ret = ret * 17851 + (ret >> 14) * 7 + (ret >> 4) * 251;
- return (ret);
+ return ret;
}
/* returns 1 if there was an info to pop, 0 if the stack was empty. */
@@ -292,7 +292,7 @@ int CRYPTO_mem_debug_push(const char *info, const char *file, int line)
CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ENABLE);
}
- return (ret);
+ return ret;
}
int CRYPTO_mem_debug_pop(void)
@@ -304,7 +304,7 @@ int CRYPTO_mem_debug_pop(void)
ret = pop_info();
CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ENABLE);
}
- return (ret);
+ return ret;
}
static unsigned long break_order_num = 0;
@@ -453,8 +453,9 @@ static void print_leak(const MEM *m, MEM_LEAK *l)
{
char buf[1024];
char *bufp = buf;
+ size_t len = sizeof(buf), ami_cnt;
APP_INFO *amip;
- int ami_cnt;
+ int n;
struct tm *lcl = NULL;
/*
* Convert between CRYPTO_THREAD_ID (which could be anything at all) and
@@ -468,21 +469,37 @@ static void print_leak(const MEM *m, MEM_LEAK *l)
CRYPTO_THREAD_ID ti;
lcl = localtime(&m->time);
- sprintf(bufp, "[%02d:%02d:%02d] ", lcl->tm_hour, lcl->tm_min, lcl->tm_sec);
- bufp += strlen(bufp);
+ n = BIO_snprintf(bufp, len, "[%02d:%02d:%02d] ",
+ lcl->tm_hour, lcl->tm_min, lcl->tm_sec);
+ if (n <= 0) {
+ bufp[0] = '\0';
+ return;
+ }
+ bufp += n;
+ len -= n;
- sprintf(bufp, "%5lu file=%s, line=%d, ", m->order, m->file, m->line);
- bufp += strlen(bufp);
+ n = BIO_snprintf(bufp, len, "%5lu file=%s, line=%d, ",
+ m->order, m->file, m->line);
+ if (n <= 0)
+ return;
+ bufp += n;
+ len -= n;
tid.ltid = 0;
tid.tid = m->threadid;
- sprintf(bufp, "thread=%lu, ", tid.ltid);
- bufp += strlen(bufp);
+ n = BIO_snprintf(bufp, len, "thread=%lu, ", tid.ltid);
+ if (n <= 0)
+ return;
+ bufp += n;
+ len -= n;
- sprintf(bufp, "number=%d, address=%p\n", m->num, m->addr);
- bufp += strlen(bufp);
+ n = BIO_snprintf(bufp, len, "number=%d, address=%p\n", m->num, m->addr);
+ if (n <= 0)
+ return;
+ bufp += n;
+ len -= n;
- l->print_cb(buf, strlen(buf), l->print_cb_arg);
+ l->print_cb(buf, (size_t)(bufp - buf), l->print_cb_arg);
l->chunks++;
l->bytes += m->num;
@@ -498,23 +515,34 @@ static void print_leak(const MEM *m, MEM_LEAK *l)
int info_len;
ami_cnt++;
+ if (ami_cnt >= sizeof(buf) - 1)
+ break;
memset(buf, '>', ami_cnt);
+ buf[ami_cnt] = '\0';
tid.ltid = 0;
tid.tid = amip->threadid;
- sprintf(buf + ami_cnt, " thread=%lu, file=%s, line=%d, info=\"",
- tid.ltid, amip->file, amip->line);
- buf_len = strlen(buf);
+ n = BIO_snprintf(buf + ami_cnt, sizeof(buf) - ami_cnt,
+ " thread=%lu, file=%s, line=%d, info=\"",
+ tid.ltid, amip->file, amip->line);
+ if (n <= 0)
+ break;
+ buf_len = ami_cnt + n;
info_len = strlen(amip->info);
if (128 - buf_len - 3 < info_len) {
memcpy(buf + buf_len, amip->info, 128 - buf_len - 3);
buf_len = 128 - 3;
} else {
- strcpy(buf + buf_len, amip->info);
- buf_len = strlen(buf);
+ n = BIO_snprintf(buf + buf_len, sizeof(buf) - buf_len, "%s",
+ amip->info);
+ if (n < 0)
+ break;
+ buf_len += n;
}
- sprintf(buf + buf_len, "\"\n");
+ n = BIO_snprintf(buf + buf_len, sizeof(buf) - buf_len, "\"\n");
+ if (n <= 0)
+ break;
- l->print_cb(buf, strlen(buf), l->print_cb_arg);
+ l->print_cb(buf, buf_len + n, l->print_cb_arg);
amip = amip->next;
}
diff --git a/crypto/pem/pem_lib.c b/crypto/pem/pem_lib.c
index f18dcca..aacdad9 100644
--- a/crypto/pem/pem_lib.c
+++ b/crypto/pem/pem_lib.c
@@ -1,5 +1,5 @@
/*
- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -71,6 +71,7 @@ int PEM_def_callback(char *buf, int num, int w, void *key)
void PEM_proc_type(char *buf, int type)
{
const char *str;
+ char *p = buf + strlen(buf);
if (type == PEM_TYPE_ENCRYPTED)
str = "ENCRYPTED";
@@ -81,27 +82,29 @@ void PEM_proc_type(char *buf, int type)
else
str = "BAD-TYPE";
- strcat(buf, "Proc-Type: 4,");
- strcat(buf, str);
- strcat(buf, "\n");
+ BIO_snprintf(p, PEM_BUFSIZE - (size_t)(p - buf), "Proc-Type: 4,%s\n", str);
}
void PEM_dek_info(char *buf, const char *type, int len, char *str)
{
- static const unsigned char map[17] = "0123456789ABCDEF";
long i;
- int j;
-
- strcat(buf, "DEK-Info: ");
- strcat(buf, type);
- strcat(buf, ",");
- j = strlen(buf);
- for (i = 0; i < len; i++) {
- buf[j + i * 2] = map[(str[i] >> 4) & 0x0f];
- buf[j + i * 2 + 1] = map[(str[i]) & 0x0f];
- }
- buf[j + i * 2] = '\n';
- buf[j + i * 2 + 1] = '\0';
+ char *p = buf + strlen(buf);
+ int j = PEM_BUFSIZE - (size_t)(p - buf), n;
+
+ n = BIO_snprintf(p, j, "DEK-Info: %s,", type);
+ if (n > 0) {
+ j -= n;
+ p += n;
+ for (i = 0; i < len; i++) {
+ n = BIO_snprintf(p, j, "%02X", 0xff & str[i]);
+ if (n <= 0)
+ return;
+ j -= n;
+ p += n;
+ }
+ if (j > 1)
+ strcpy(p, "\n");
+ }
}
#ifndef OPENSSL_NO_STDIO
@@ -113,12 +116,12 @@ void *PEM_ASN1_read(d2i_of_void *d2i, const char *name, FILE *fp, void **x,
if ((b = BIO_new(BIO_s_file())) == NULL) {
PEMerr(PEM_F_PEM_ASN1_READ, ERR_R_BUF_LIB);
- return (0);
+ return 0;
}
BIO_set_fp(b, fp, BIO_NOCLOSE);
ret = PEM_ASN1_read_bio(d2i, name, b, x, cb, u);
BIO_free(b);
- return (ret);
+ return ret;
}
#endif
@@ -298,12 +301,12 @@ int PEM_ASN1_write(i2d_of_void *i2d, const char *name, FILE *fp,
if ((b = BIO_new(BIO_s_file())) == NULL) {
PEMerr(PEM_F_PEM_ASN1_WRITE, ERR_R_BUF_LIB);
- return (0);
+ return 0;
}
BIO_set_fp(b, fp, BIO_NOCLOSE);
ret = PEM_ASN1_write_bio(i2d, name, b, x, enc, kstr, klen, callback, u);
BIO_free(b);
- return (ret);
+ return ret;
}
#endif
@@ -402,7 +405,7 @@ int PEM_ASN1_write_bio(i2d_of_void *i2d, const char *name, BIO *bp,
EVP_CIPHER_CTX_free(ctx);
OPENSSL_cleanse(buf, PEM_BUFSIZE);
OPENSSL_clear_free(data, (unsigned int)dsize);
- return (ret);
+ return ret;
}
int PEM_do_header(EVP_CIPHER_INFO *cipher, unsigned char *data, long *plen,
@@ -570,14 +573,14 @@ static int load_iv(char **fromp, unsigned char *to, int num)
v = OPENSSL_hexchar2int(*from);
if (v < 0) {
PEMerr(PEM_F_LOAD_IV, PEM_R_BAD_IV_CHARS);
- return (0);
+ return 0;
}
from++;
to[i / 2] |= v << (long)((!(i & 1)) * 4);
}
*fromp = from;
- return (1);
+ return 1;
}
#ifndef OPENSSL_NO_STDIO
@@ -589,12 +592,12 @@ int PEM_write(FILE *fp, const char *name, const char *header,
if ((b = BIO_new(BIO_s_file())) == NULL) {
PEMerr(PEM_F_PEM_WRITE, ERR_R_BUF_LIB);
- return (0);
+ return 0;
}
BIO_set_fp(b, fp, BIO_NOCLOSE);
ret = PEM_write_bio(b, name, header, data, len);
BIO_free(b);
- return (ret);
+ return ret;
}
#endif
@@ -651,12 +654,12 @@ int PEM_write_bio(BIO *bp, const char *name, const char *header,
goto err;
OPENSSL_clear_free(buf, PEM_BUFSIZE * 8);
EVP_ENCODE_CTX_free(ctx);
- return (i + outl);
+ return i + outl;
err:
OPENSSL_clear_free(buf, PEM_BUFSIZE * 8);
EVP_ENCODE_CTX_free(ctx);
PEMerr(PEM_F_PEM_WRITE_BIO, reason);
- return (0);
+ return 0;
}
#ifndef OPENSSL_NO_STDIO
@@ -668,12 +671,12 @@ int PEM_read(FILE *fp, char **name, char **header, unsigned char **data,
if ((b = BIO_new(BIO_s_file())) == NULL) {
PEMerr(PEM_F_PEM_READ, ERR_R_BUF_LIB);
- return (0);
+ return 0;
}
BIO_set_fp(b, fp, BIO_NOCLOSE);
ret = PEM_read_bio(b, name, header, data, len);
BIO_free(b);
- return (ret);
+ return ret;
}
#endif
More information about the openssl-commits
mailing list