[openssl] OpenSSL_1_1_1-stable update
Dr. Paul Dale
pauli at openssl.org
Wed Sep 1 01:45:59 UTC 2021
The branch OpenSSL_1_1_1-stable has been updated
via 35cefdcab0f474deafcd769a2eb93f2c0f07051e (commit)
via 5f9c384a1cd54ff28707d8c652343d2bf636c245 (commit)
from a9972440d26e482cec9d7a8c4c0063baa20d9eac (commit)
- Log -----------------------------------------------------------------
commit 35cefdcab0f474deafcd769a2eb93f2c0f07051e
Author: Tomas Mraz <tomas at openssl.org>
Date: Fri Aug 27 11:41:04 2021 +0200
ci: Add -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION to asan build
Reviewed-by: Bernd Edlinger <bernd.edlinger at hotmail.de>
Reviewed-by: Paul Dale <pauli at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16441)
commit 5f9c384a1cd54ff28707d8c652343d2bf636c245
Author: Tomas Mraz <tomas at openssl.org>
Date: Fri Aug 27 11:37:10 2021 +0200
Make the -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION pass tests
Fixes #16428
Reviewed-by: Bernd Edlinger <bernd.edlinger at hotmail.de>
Reviewed-by: Paul Dale <pauli at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16441)
-----------------------------------------------------------------------
Summary of changes:
.github/workflows/ci.yml | 2 +-
crypto/asn1/a_print.c | 7 ++++---
crypto/asn1/asn1_lib.c | 11 ++++++++---
ssl/ssl_asn1.c | 2 +-
4 files changed, 14 insertions(+), 8 deletions(-)
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 6b61af9c03..367b8cf41f 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -113,7 +113,7 @@ jobs:
steps:
- uses: actions/checkout at v2
- name: config
- run: ./config --debug enable-asan enable-ubsan enable-rc5 enable-md2 enable-ec_nistp_64_gcc_128 && perl configdata.pm --dump
+ run: ./config --debug enable-asan enable-ubsan enable-rc5 enable-md2 enable-ec_nistp_64_gcc_128 -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION && perl configdata.pm --dump
- name: make
run: make -s -j4
- name: make test
diff --git a/crypto/asn1/a_print.c b/crypto/asn1/a_print.c
index 85a631a27a..f86623fdfa 100644
--- a/crypto/asn1/a_print.c
+++ b/crypto/asn1/a_print.c
@@ -18,12 +18,13 @@ int ASN1_PRINTABLE_type(const unsigned char *s, int len)
int ia5 = 0;
int t61 = 0;
- if (len <= 0)
- len = -1;
if (s == NULL)
return V_ASN1_PRINTABLESTRING;
- while ((*s) && (len-- != 0)) {
+ if (len < 0)
+ len = strlen((const char *)s);
+
+ while (len-- > 0) {
c = *(s++);
if (!ossl_isasn1print(c))
ia5 = 1;
diff --git a/crypto/asn1/asn1_lib.c b/crypto/asn1/asn1_lib.c
index 3d99d1383d..b9b7ad8e9e 100644
--- a/crypto/asn1/asn1_lib.c
+++ b/crypto/asn1/asn1_lib.c
@@ -294,7 +294,7 @@ int ASN1_STRING_set(ASN1_STRING *str, const void *_data, int len_in)
c = str->data;
#ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
/* No NUL terminator in fuzzing builds */
- str->data = OPENSSL_realloc(c, len);
+ str->data = OPENSSL_realloc(c, len != 0 ? len : 1);
#else
str->data = OPENSSL_realloc(c, len + 1);
#endif
@@ -307,7 +307,11 @@ int ASN1_STRING_set(ASN1_STRING *str, const void *_data, int len_in)
str->length = len;
if (data != NULL) {
memcpy(str->data, data, len);
-#ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
+#ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
+ /* Set the unused byte to something non NUL and printable. */
+ if (len == 0)
+ str->data[len] = '~';
+#else
/*
* Add a NUL terminator. This should not be necessary - but we add it as
* a safety precaution
@@ -375,7 +379,8 @@ int ASN1_STRING_cmp(const ASN1_STRING *a, const ASN1_STRING *b)
i = (a->length - b->length);
if (i == 0) {
- i = memcmp(a->data, b->data, a->length);
+ if (a->length != 0)
+ i = memcmp(a->data, b->data, a->length);
if (i == 0)
return a->type - b->type;
else
diff --git a/ssl/ssl_asn1.c b/ssl/ssl_asn1.c
index 799fee771b..dd4a2e3203 100644
--- a/ssl/ssl_asn1.c
+++ b/ssl/ssl_asn1.c
@@ -225,7 +225,7 @@ static int ssl_session_strndup(char **pdst, ASN1_OCTET_STRING *src)
static int ssl_session_memcpy(unsigned char *dst, size_t *pdstlen,
ASN1_OCTET_STRING *src, size_t maxlen)
{
- if (src == NULL) {
+ if (src == NULL || src->length == 0) {
*pdstlen = 0;
return 1;
}
More information about the openssl-commits
mailing list