[openssl/openssl] 749fcc: Fix genstr/genconf option in asn1parse

Neil Horman noreply at github.com
Wed Dec 13 16:32:44 UTC 2023 

  Branch: refs/heads/master
  Home:   https://github.com/openssl/openssl
  Commit: 749fcc0e3ce796474a15d6fac221e57daeacff1e
      https://github.com/openssl/openssl/commit/749fcc0e3ce796474a15d6fac221e57daeacff1e
  Author: Neil Horman <nhorman at openssl.org>
  Date:   2023-12-13 (Wed, 13 Dec 2023)

  Changed paths:
    M apps/asn1parse.c

  Log Message:
  -----------
  Fix genstr/genconf option in asn1parse

At some point the asn1parse applet was changed to default the inform to
PEM, and defalt input file to stdin.  Doing so broke the -genstr|conf options,
in that, before we attempt to generate an ASN1 block from the provided
genstr string, we attempt to read a PEM input from stdin.  As a result,
this command:
openssl asn1parse -genstr OID:1.2.3.4
hangs because we are attempting a blocking read on stdin, waiting for
data that never arrives

Fix it by giving priority to genstr|genconf, such that, if set, will just run
do_generate on that string and exit

Reviewed-by: Hugo Landau <hlandau at openssl.org>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22957)


  Commit: a552c23c6502592c1b3c67d93dd7e5ffbe958aa4
      https://github.com/openssl/openssl/commit/a552c23c6502592c1b3c67d93dd7e5ffbe958aa4
  Author: Neil Horman <nhorman at openssl.org>
  Date:   2023-12-13 (Wed, 13 Dec 2023)

  Changed paths:
    M apps/asn1parse.c
    M crypto/asn1/asn_moid.c
    A test/recipes/04-test_asn1_parse.t
    A test/test_asn1_parse.cnf

  Log Message:
  -----------
  Harden asn1 oid loader to invalid inputs

In the event that a config file contains this sequence:
=======
openssl_conf = openssl_init

config_diagnostics = 1

[openssl_init]
oid_section = oids

[oids]
testoid1 = 1.2.3.4.1
testoid2 = A Very Long OID Name, 1.2.3.4.2
testoid3 = ,1.2.3.4.3
======

The leading comma in testoid3 can cause a heap buffer overflow, as the
parsing code will move the string pointer back 1 character, thereby
pointing to an invalid memory space

correct the parser to detect this condition and handle it by treating it
as if the comma doesn't exist (i.e. an empty long oid name)

Reviewed-by: Hugo Landau <hlandau at openssl.org>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22957)


Compare: https://github.com/openssl/openssl/compare/75caab2718ae...a552c23c6502

More information about the openssl-commits mailing list