[openssl/openssl] 65e30e: Fix ipv4_from_asc behavior on invalid Ip addresses

Matt Caswell noreply at github.com
Mon Jul 25 06:36:34 UTC 2022 

  Branch: refs/heads/OpenSSL_1_1_1-stable
  Home:   https://github.com/openssl/openssl
  Commit: 65e30e7d56f01008d29e65c9ae7a42ce074def2f
      https://github.com/openssl/openssl/commit/65e30e7d56f01008d29e65c9ae7a42ce074def2f
  Author: Amir Mohammadi <amiremohamadi at yahoo.com>
  Date:   2022-07-25 (Mon, 25 Jul 2022)

  Changed paths:
    M crypto/x509v3/v3_utl.c

  Log Message:
  -----------
  Fix ipv4_from_asc behavior on invalid Ip addresses

sscanf() call in ipv4_from_asc does not check that
the string is terminated immediately after the last digit.

(cherry picked from commit 8b9a13b43ba3d71e441fca47a52e800ce79b3d2b)

Reviewed-by: Tomas Mraz <tomas at openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit at gmail.com>
Reviewed-by: Hugo Landau <hlandau at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18847)


  Commit: bd41b84bede84c1a5716be4eafddd1dd052faa72
      https://github.com/openssl/openssl/commit/bd41b84bede84c1a5716be4eafddd1dd052faa72
  Author: Christian Heimes <christian at python.org>
  Date:   2022-07-25 (Mon, 25 Jul 2022)

  Changed paths:
    M test/x509_internal_test.c

  Log Message:
  -----------
  Test case for a2i_IPADDRESS

Unit test to show that a2i_IPADDRESS("1.2.3.4.test.example") ignores
trailing data.

See: https://github.com/openssl/openssl/issues/12649
See: https://bugs.python.org/issue41556

(cherry picked from commit 1a9411a30b09a98498366979a1ea4898f70f6d19)

Reviewed-by: Tomas Mraz <tomas at openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit at gmail.com>
Reviewed-by: Hugo Landau <hlandau at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18847)


  Commit: c3b0279bda7bf4f0f81a3dba952698fa68a51639
      https://github.com/openssl/openssl/commit/c3b0279bda7bf4f0f81a3dba952698fa68a51639
  Author: Amir Mohammadi <amiremohamadi at yahoo.com>
  Date:   2022-07-25 (Mon, 25 Jul 2022)

  Changed paths:
    M test/x509_internal_test.c

  Log Message:
  -----------
  Fix test case for a2i_IPADDRESS

(cherry picked from commit 9b887d5d5a8ef9aa1c3ce6e54a82ddcba25b9415)

Reviewed-by: Tomas Mraz <tomas at openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit at gmail.com>
Reviewed-by: Hugo Landau <hlandau at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18847)


  Commit: 264a3f453c418dc01f4b74928ed2a76a08a65513
      https://github.com/openssl/openssl/commit/264a3f453c418dc01f4b74928ed2a76a08a65513
  Author: Matt Caswell <matt at openssl.org>
  Date:   2022-07-25 (Mon, 25 Jul 2022)

  Changed paths:
    M crypto/x509v3/v3_addr.c
    M test/v3ext.c

  Log Message:
  -----------
  Fix a crash in v2i_IPAddrBlocks()

If an IP address prefix value is supplied that is too large then a crash
can result. v2i_IPAddrBlocks() should sanity check the prefix value, as
should X509v3_addr_add_prefix().

Reported by Theo Buehler (@botovq)

Reviewed-by: Tomas Mraz <tomas at openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit at gmail.com>
Reviewed-by: Hugo Landau <hlandau at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18847)


Compare: https://github.com/openssl/openssl/compare/952fab01bebb...264a3f453c41

More information about the openssl-commits mailing list