[openssl] master update

tomas at openssl.org tomas at openssl.org
Fri Aug 6 10:32:21 UTC 2021 

The branch master has been updated
       via  9b887d5d5a8ef9aa1c3ce6e54a82ddcba25b9415 (commit)
       via  1a9411a30b09a98498366979a1ea4898f70f6d19 (commit)
       via  8b9a13b43ba3d71e441fca47a52e800ce79b3d2b (commit)
      from  3f15358c7974573c12b94b01cb53d23e3c568310 (commit)


- Log -----------------------------------------------------------------
commit 9b887d5d5a8ef9aa1c3ce6e54a82ddcba25b9415
Author: Amir Mohammadi <amiremohamadi at yahoo.com>
Date:   Wed Aug 4 09:44:29 2021 +0430

    Fix test case for a2i_IPADDRESS
    
    Reviewed-by: Paul Dale <pauli at openssl.org>
    Reviewed-by: Tomas Mraz <tomas at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/16201)

commit 1a9411a30b09a98498366979a1ea4898f70f6d19
Author: Christian Heimes <christian at python.org>
Date:   Sat Aug 15 20:01:49 2020 +0200

    Test case for a2i_IPADDRESS
    
    Unit test to show that a2i_IPADDRESS("1.2.3.4.test.example") ignores
    trailing data.
    
    See: https://github.com/openssl/openssl/issues/12649
    See: https://bugs.python.org/issue41556
    Signed-off-by: Christian Heimes <christian at python.org>
    
    Reviewed-by: Paul Dale <pauli at openssl.org>
    Reviewed-by: Tomas Mraz <tomas at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/16201)

commit 8b9a13b43ba3d71e441fca47a52e800ce79b3d2b
Author: Amir Mohammadi <amiremohamadi at yahoo.com>
Date:   Wed Aug 4 09:43:49 2021 +0430

    Fix ipv4_from_asc behavior on invalid Ip addresses
    
    sscanf() call in ipv4_from_asc does not check that
    the string is terminated immediately after the last digit.
    
    Reviewed-by: Paul Dale <pauli at openssl.org>
    Reviewed-by: Tomas Mraz <tomas at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/16201)

-----------------------------------------------------------------------

Summary of changes:
 crypto/x509/v3_utl.c      |  8 +++++--
 test/x509_internal_test.c | 55 +++++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 61 insertions(+), 2 deletions(-)

diff --git a/crypto/x509/v3_utl.c b/crypto/x509/v3_utl.c
index 255db422bd..77d5421349 100644
--- a/crypto/x509/v3_utl.c
+++ b/crypto/x509/v3_utl.c
@@ -1096,13 +1096,17 @@ int ossl_a2i_ipadd(unsigned char *ipout, const char *ipasc)
 
 static int ipv4_from_asc(unsigned char *v4, const char *in)
 {
-    int a0, a1, a2, a3;
+    const char *p;
+    int a0, a1, a2, a3, n;
 
-    if (sscanf(in, "%d.%d.%d.%d", &a0, &a1, &a2, &a3) != 4)
+    if (sscanf(in, "%d.%d.%d.%d%n", &a0, &a1, &a2, &a3, &n) != 4)
         return 0;
     if ((a0 < 0) || (a0 > 255) || (a1 < 0) || (a1 > 255)
         || (a2 < 0) || (a2 > 255) || (a3 < 0) || (a3 > 255))
         return 0;
+    p = in + n;
+    if (!(*p == '\0' || ossl_isspace(*p)))
+        return 0;
     v4[0] = a0;
     v4[1] = a1;
     v4[2] = a2;
diff --git a/test/x509_internal_test.c b/test/x509_internal_test.c
index a17dfd9398..a63293d5ed 100644
--- a/test/x509_internal_test.c
+++ b/test/x509_internal_test.c
@@ -48,8 +48,63 @@ static int test_standard_exts(void)
     return good;
 }
 
+typedef struct {
+    const char *ipasc;
+    const char *data;
+    int length;
+} IP_TESTDATA;
+
+static IP_TESTDATA a2i_ipaddress_tests[] = {
+    {"127.0.0.1", "\x7f\x00\x00\x01", 4},
+    {"1.2.3.4", "\x01\x02\x03\x04", 4},
+    {"1.2.3.255", "\x01\x02\x03\xff", 4},
+    {"1.2.3", NULL, 0},
+    {"1.2.3 .4", NULL, 0},
+
+    {"::1", "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01", 16},
+    {"1:1:1:1:1:1:1:1", "\x00\x01\x00\x01\x00\x01\x00\x01\x00\x01\x00\x01\x00\x01\x00\x01", 16},
+    {"2001:db8::ff00:42:8329", "\x20\x01\x0d\xb8\x00\x00\x00\x00\x00\x00\xff\x00\x00\x42\x83\x29", 16},
+    {"1:1:1:1:1:1:1:1.test", NULL, 0},
+    {":::1", NULL, 0},
+    {"2001::123g", NULL, 0},
+
+    {"example.test", NULL, 0},
+    {"", NULL, 0},
+
+    {"1.2.3.4 ", "\x01\x02\x03\x04", 4},
+    {" 1.2.3.4", "\x01\x02\x03\x04", 4},
+    {" 1.2.3.4 ", "\x01\x02\x03\x04", 4},
+    {"1.2.3.4.example.test", NULL, 0},
+};
+
+
+static int test_a2i_ipaddress(int idx)
+{
+    int good = 1;
+    ASN1_OCTET_STRING *ip;
+    int len = a2i_ipaddress_tests[idx].length;
+
+    ip = a2i_IPADDRESS(a2i_ipaddress_tests[idx].ipasc);
+    if (len == 0) {
+        if (!TEST_ptr_null(ip)) {
+            good = 0;
+            TEST_note("'%s' should not be parsed as IP address", a2i_ipaddress_tests[idx].ipasc);
+        }
+    } else {
+        if (!TEST_ptr(ip)
+            || !TEST_int_eq(ASN1_STRING_length(ip), len)
+            || !TEST_mem_eq(ASN1_STRING_get0_data(ip), len,
+                            a2i_ipaddress_tests[idx].data, len)) {
+            good = 0;
+        }
+    }
+    ASN1_OCTET_STRING_free(ip);
+    return good;
+}
+
 int setup_tests(void)
 {
     ADD_TEST(test_standard_exts);
+    ADD_ALL_TESTS(test_a2i_ipaddress, OSSL_NELEM(a2i_ipaddress_tests));
     return 1;
 }

More information about the openssl-commits mailing list