[openssl] master update

tomas at openssl.org tomas at openssl.org
Thu Jun 3 15:09:32 UTC 2021

The branch master has been updated
       via  effb0dcf864110a4595f1a243adb9c1dd09eb516 (commit)
      from  f6b6574cd73649b4bd5f695b9dbb8f80422ff244 (commit)

- Log -----------------------------------------------------------------
commit effb0dcf864110a4595f1a243adb9c1dd09eb516
Author: bonniegong <yuanjungong96 at gmail.com>
Date:   Wed Jun 2 15:35:18 2021 +0800

    Check the return value of ASN1_STRING_length
    ASN1_STRING_length gets the field 'length' of msg, which
    can be manipulated through a crafted input.
    Add a check to avoid error execution of OPENSSL_malloc().
    CLA: trivial
    Reviewed-by: Matt Caswell <matt at openssl.org>
    Reviewed-by: Paul Dale <pauli at openssl.org>
    Reviewed-by: Tomas Mraz <tomas at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/15583)


Summary of changes:
 crypto/ts/ts_verify_ctx.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/crypto/ts/ts_verify_ctx.c b/crypto/ts/ts_verify_ctx.c
index 825d53e4f7..20268339ee 100644
--- a/crypto/ts/ts_verify_ctx.c
+++ b/crypto/ts/ts_verify_ctx.c
@@ -126,6 +126,8 @@ TS_VERIFY_CTX *TS_REQ_to_TS_VERIFY_CTX(TS_REQ *req, TS_VERIFY_CTX *ctx)
         goto err;
     msg = imprint->hashed_msg;
     ret->imprint_len = ASN1_STRING_length(msg);
+    if (ret->imprint_len <= 0)
+        goto err;
     if ((ret->imprint = OPENSSL_malloc(ret->imprint_len)) == NULL)
         goto err;
     memcpy(ret->imprint, ASN1_STRING_get0_data(msg), ret->imprint_len);

More information about the openssl-commits mailing list