[openssl] OpenSSL_1_1_1-stable update

tomas at openssl.org tomas at openssl.org
Thu Jun 3 15:09:57 UTC 2021

The branch OpenSSL_1_1_1-stable has been updated
       via  5478387c14e0c22a525e2ec5ed37f6ffad4b7c59 (commit)
      from  869e1424438b3c117d6ef4d3fbf4545cc7dab171 (commit)

- Log -----------------------------------------------------------------
commit 5478387c14e0c22a525e2ec5ed37f6ffad4b7c59
Author: bonniegong <yuanjungong96 at gmail.com>
Date:   Wed Jun 2 15:35:18 2021 +0800

    Check the return value of ASN1_STRING_length
    ASN1_STRING_length gets the field 'length' of msg, which
    can be manipulated through a crafted input.
    Add a check to avoid error execution of OPENSSL_malloc().
    CLA: trivial
    Reviewed-by: Matt Caswell <matt at openssl.org>
    Reviewed-by: Paul Dale <pauli at openssl.org>
    Reviewed-by: Tomas Mraz <tomas at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/15583)
    (cherry picked from commit effb0dcf864110a4595f1a243adb9c1dd09eb516)


Summary of changes:
 crypto/ts/ts_verify_ctx.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/crypto/ts/ts_verify_ctx.c b/crypto/ts/ts_verify_ctx.c
index 1e80e0d370..803fbe44a7 100644
--- a/crypto/ts/ts_verify_ctx.c
+++ b/crypto/ts/ts_verify_ctx.c
@@ -126,6 +126,8 @@ TS_VERIFY_CTX *TS_REQ_to_TS_VERIFY_CTX(TS_REQ *req, TS_VERIFY_CTX *ctx)
         goto err;
     msg = imprint->hashed_msg;
     ret->imprint_len = ASN1_STRING_length(msg);
+    if (ret->imprint_len <= 0)
+        goto err;
     if ((ret->imprint = OPENSSL_malloc(ret->imprint_len)) == NULL)
         goto err;
     memcpy(ret->imprint, ASN1_STRING_get0_data(msg), ret->imprint_len);
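
Review bot: The added `if (ret->imprint_len <= 0)` test runs only after the result has been stored in ret->imprint_len, so whether it catches a negative length depends on that field's type, which this hunk does not show. ASN1_STRING_length() returns int; if imprint_len is unsigned, the comparison reduces to `== 0`, and a negative return would become a very large size passed to OPENSSL_malloc() and then to memcpy(). Consider reading the return value into a local int, checking `len <= 0` on that, and assigning it to ret->imprint_len only afterwards. The new `goto err` also puts nothing on the error queue in the lines shown, so a caller cannot tell a rejected empty imprint from an allocation failure; raising an error before the jump would make the rejection diagnosable.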
