Commit | Line | Data |
---|---|---|
9920e6ec JB |
1 | --- crypto/cryptlib.c.orig Fri Nov 23 13:57:59 2001 |
2 | +++ crypto/cryptlib.c Fri Jul 26 10:43:56 2002 | |
3 | @@ -491,3 +491,11 @@ | |
4 | #endif | |
5 | ||
6 | #endif | |
7 | + | |
8 | +void OpenSSLDie(const char *file,int line,const char *assertion) | |
9 | + { | |
10 | + fprintf(stderr,"%s(%d): OpenSSL internal error, assertion failed: %s\n", | |
11 | + file,line,assertion); | |
12 | + abort(); | |
13 | + } | |
14 | + | |
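Review bot: `OpenSSLDie` is added without a comment, and its contract matters to every caller of `die()`: it prints to `stderr` and calls `abort()`, so it never returns and terminates the host application. I would add a comment above the definition such as `/* Report a failed internal assertion and abort(); never returns. For library invariants only, not for validating input. */`. Because the message goes to `stderr`, a daemon that has closed or redirected it will abort silently, which is worth stating in the same comment.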
15 | --- crypto/cryptlib.h.orig Tue May 2 06:35:04 2000 | |
16 | +++ crypto/cryptlib.h Fri Jul 26 10:43:56 2002 | |
17 | @@ -89,6 +89,14 @@ | |
18 | #define X509_CERT_DIR_EVP "SSL_CERT_DIR" | |
19 | #define X509_CERT_FILE_EVP "SSL_CERT_FILE" | |
20 | ||
21 | +/* size of string represenations */ | |
22 | +#define DECIMAL_SIZE(type) ((sizeof(type)*8+2)/3+1) | |
23 | +#define HEX_SIZE(type) ((sizeof(type)*2) | |
24 | + | |
25 | +/* die if we have to */ | |
26 | +void OpenSSLDie(const char *file,int line,const char *assertion); | |
27 | +#define die(e) ((e) ? (void)0 : OpenSSLDie(__FILE__, __LINE__, #e)) | |
28 | + | |
29 | #ifdef __cplusplus | |
30 | } | |
31 | #endif | |
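Review bot: `HEX_SIZE` is defined with unbalanced parentheses: `((sizeof(type)*2)` opens two and closes one, so the first use of the macro will fail to compile or swallow the tokens that follow it. It should read `#define HEX_SIZE(type) (sizeof(type)*2)`. None of the visible hunks uses the macro, which is presumably why the build did not catch it. The comment above it also has a typo ("represenations").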
32 | --- crypto/asn1/asn1_lib.c.orig Fri Mar 30 06:42:32 2001 | |
33 | +++ crypto/asn1/asn1_lib.c Fri Jul 26 10:43:56 2002 | |
e635c11d JB |
34 | @@ -124,15 +124,13 @@ |
35 | (int)(omax+ *pp)); | |
36 | ||
37 | #endif | |
38 | -#if 0 | |
39 | - if ((p+ *plength) > (omax+ *pp)) | |
40 | + if (*plength > (omax - (*pp - p))) | |
41 | { | |
42 | ASN1err(ASN1_F_ASN1_GET_OBJECT,ASN1_R_TOO_LONG); | |
43 | /* Set this so that even if things are not long enough | |
44 | * the values are set correctly */ | |
45 | ret|=0x80; | |
46 | } | |
47 | -#endif | |
48 | *pp=p; | |
49 | return(ret|inf); | |
50 | err: | |
51 | @@ -159,6 +157,8 @@ | |
52 | i= *p&0x7f; | |
53 | if (*(p++) & 0x80) | |
54 | { | |
55 | + if (i > sizeof(long)) | |
56 | + return 0; | |
57 | if (max-- == 0) return(0); | |
58 | while (i-- > 0) | |
59 | { | |
60 | @@ -170,6 +170,8 @@ | |
61 | else | |
62 | ret=i; | |
63 | } | |
64 | + if (ret < 0) | |
65 | + return 0; | |
66 | *pp=p; | |
67 | *rl=ret; | |
68 | return(1); | |
9920e6ec JB |
69 | @@ -407,7 +407,7 @@ |
70 | ||
71 | void asn1_add_error(unsigned char *address, int offset) | |
72 | { | |
73 | - char buf1[16],buf2[16]; | |
74 | + char buf1[DECIMAL_SIZE(address)+1],buf2[DECIMAL_SIZE(offset)+1]; | |
75 | ||
76 | sprintf(buf1,"%lu",(unsigned long)address); | |
77 | sprintf(buf2,"%d",offset); | |
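Review bot: The re-enabled bound in the first hunk, `if (*plength > (omax - (*pp - p)))`, appears to have its subtraction reversed. The removed line compared `p + *plength` with `omax + *pp`, which rearranges to `*plength > omax - (p - *pp)`. As written, once `p` has advanced past `*pp` (the hunk ends with `*pp=p;`, so that seems to be the case) the right-hand side grows with the number of header bytes consumed instead of shrinking, and a length that runs past the end of the input is accepted. I would change it to `if (*plength > (omax - (p - *pp)))`. The enclosing function starts outside the hunk, so the types of `omax` and `*plength` should be checked for signed/unsigned mixing at the same time.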
78 | --- crypto/conf/conf_def.c.orig Tue Jun 6 09:21:12 2000 | |
79 | +++ crypto/conf/conf_def.c Fri Jul 26 10:43:56 2002 | |
80 | @@ -67,6 +67,7 @@ | |
81 | #include "conf_def.h" | |
82 | #include <openssl/buffer.h> | |
83 | #include <openssl/err.h> | |
84 | +#include "cryptlib.h" | |
85 | ||
86 | static char *eat_ws(CONF *conf, char *p); | |
87 | static char *eat_alpha_numeric(CONF *conf, char *p); | |
88 | @@ -180,12 +181,12 @@ | |
89 | static int def_load(CONF *conf, BIO *in, long *line) | |
90 | { | |
91 | #define BUFSIZE 512 | |
92 | - char btmp[16]; | |
93 | int bufnum=0,i,ii; | |
94 | BUF_MEM *buff=NULL; | |
95 | char *s,*p,*end; | |
96 | int again,n; | |
97 | long eline=0; | |
98 | + char btmp[DECIMAL_SIZE(eline)+1]; | |
99 | CONF_VALUE *v=NULL,*tv; | |
100 | CONF_VALUE *sv=NULL; | |
101 | char *section=NULL,*buf; | |
102 | --- crypto/objects/obj_dat.c.orig Mon Sep 4 09:34:35 2000 | |
103 | +++ crypto/objects/obj_dat.c Fri Jul 26 10:43:56 2002 | |
104 | @@ -428,7 +428,7 @@ | |
105 | unsigned long l; | |
106 | unsigned char *p; | |
107 | const char *s; | |
108 | - char tbuf[32]; | |
109 | + char tbuf[DECIMAL_SIZE(i)+DECIMAL_SIZE(l)+2]; | |
110 | ||
111 | if (buf_len <= 0) return(0); | |
112 | ||
113 | --- ssl/s2_clnt.c.orig Sat Nov 10 03:43:51 2001 | |
114 | +++ ssl/s2_clnt.c Fri Jul 26 10:43:56 2002 | |
115 | @@ -116,6 +116,7 @@ | |
116 | #include <openssl/buffer.h> | |
117 | #include <openssl/objects.h> | |
118 | #include <openssl/evp.h> | |
119 | +#include "cryptlib.h" | |
120 | ||
121 | static SSL_METHOD *ssl2_get_client_method(int ver); | |
122 | static int get_server_finished(SSL *s); | |
123 | @@ -517,6 +518,7 @@ | |
124 | } | |
125 | ||
126 | s->s2->conn_id_length=s->s2->tmp.conn_id_length; | |
127 | + die(s->s2->conn_id_length <= sizeof s->s2->conn_id); | |
128 | memcpy(s->s2->conn_id,p,s->s2->tmp.conn_id_length); | |
129 | return(1); | |
130 | } | |
131 | @@ -618,6 +620,7 @@ | |
132 | /* make key_arg data */ | |
133 | i=EVP_CIPHER_iv_length(c); | |
134 | sess->key_arg_length=i; | |
135 | + die(i <= SSL_MAX_KEY_ARG_LENGTH); | |
136 | if (i > 0) RAND_pseudo_bytes(sess->key_arg,i); | |
137 | ||
138 | /* make a master key */ | |
139 | @@ -625,6 +628,7 @@ | |
140 | sess->master_key_length=i; | |
141 | if (i > 0) | |
142 | { | |
143 | + die(i <= sizeof sess->master_key); | |
144 | if (RAND_bytes(sess->master_key,i) <= 0) | |
145 | { | |
146 | ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR); | |
147 | @@ -668,6 +672,7 @@ | |
148 | d+=enc; | |
149 | karg=sess->key_arg_length; | |
150 | s2n(karg,p); /* key arg size */ | |
151 | + die(karg <= sizeof sess->key_arg); | |
152 | memcpy(d,sess->key_arg,(unsigned int)karg); | |
153 | d+=karg; | |
154 | ||
155 | @@ -688,6 +693,7 @@ | |
156 | { | |
157 | p=(unsigned char *)s->init_buf->data; | |
158 | *(p++)=SSL2_MT_CLIENT_FINISHED; | |
159 | + die(s->s2->conn_id_length <= sizeof s->s2->conn_id); | |
160 | memcpy(p,s->s2->conn_id,(unsigned int)s->s2->conn_id_length); | |
161 | ||
162 | s->state=SSL2_ST_SEND_CLIENT_FINISHED_B; | |
163 | @@ -944,6 +950,8 @@ | |
164 | { | |
165 | if (!(s->options & SSL_OP_MICROSOFT_SESS_ID_BUG)) | |
166 | { | |
167 | + die(s->session->session_id_length | |
168 | + <= sizeof s->session->session_id); | |
169 | if (memcmp(buf,s->session->session_id, | |
170 | (unsigned int)s->session->session_id_length) != 0) | |
171 | { | |
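Review bot: `die(s->s2->conn_id_length <= sizeof s->s2->conn_id)` in the hunk at -517 guards a length copied from `s->s2->tmp.conn_id_length`, which looks like a value taken from the peer's message rather than a library invariant. If no earlier check outside the hunk bounds it, the overflow is avoided only by aborting the process, so a malformed handshake crashes the application. A length that can come off the wire should fail the handshake instead, e.g. `if (s->s2->conn_id_length > sizeof s->s2->conn_id) { ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR); return(-1); }` with the return value matched to the function's convention. The same applies to `die(i <= SSL_MAX_MASTER_KEY_LENGTH)` in ssl/s2_srvr.c, where `i` includes `s->s2->tmp.clear`, and to `die(os.length <= sizeof ret->session_id)` in ssl/ssl_asn1.c.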
172 | --- ssl/s2_lib.c.orig Tue Dec 26 05:06:47 2000 | |
173 | +++ ssl/s2_lib.c Fri Jul 26 10:52:20 2002 | |
174 | @@ -62,6 +62,7 @@ | |
175 | #include <openssl/rsa.h> | |
176 | #include <openssl/objects.h> | |
177 | #include <openssl/md5.h> | |
178 | +#include "cryptlib.h" | |
179 | ||
180 | static long ssl2_default_timeout(void ); | |
181 | const char *ssl2_version_str="SSLv2" OPENSSL_VERSION_PTEXT; | |
182 | @@ -425,10 +426,14 @@ | |
183 | #endif | |
184 | ||
185 | km=s->s2->key_material; | |
186 | + die(s->s2->key_material_length <= sizeof s->s2->key_material); | |
187 | for (i=0; i<s->s2->key_material_length; i+=MD5_DIGEST_LENGTH) | |
188 | { | |
189 | MD5_Init(&ctx); | |
190 | - | |
191 | + | |
192 | + die(s->session->master_key_length >= 0 | |
193 | + && s->session->master_key_length | |
194 | + < sizeof s->session->master_key); | |
195 | MD5_Update(&ctx,s->session->master_key,s->session->master_key_length); | |
196 | MD5_Update(&ctx,&c,1); | |
197 | c++; | |
198 | @@ -463,6 +468,7 @@ | |
199 | /* state=s->rwstate;*/ | |
200 | error=s->error; | |
201 | s->error=0; | |
202 | + die(error >= 0 && error <= 3); | |
203 | i=ssl2_write(s,&(buf[3-error]),error); | |
204 | /* if (i == error) s->rwstate=state; */ | |
205 | ||
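Review bot: The master-key assertion inside the key-material loop uses a strict bound, `s->session->master_key_length < sizeof s->session->master_key`, while the other checks in this patch allow a length equal to the buffer size (for example `die(i <= sizeof sess->master_key)` in ssl/s2_clnt.c). A session whose master key exactly fills the array would abort here even though the `MD5_Update` read stays in bounds. Unless the strictness is deliberate, the last comparison should be `<= sizeof s->session->master_key`. The assertion also does not depend on `i`, so it can sit next to the `key_material_length` check before the `for` rather than run on every iteration.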
206 | --- ssl/s2_srvr.c.orig Wed Nov 14 14:19:47 2001 | |
207 | +++ ssl/s2_srvr.c Fri Jul 26 10:43:56 2002 | |
208 | @@ -116,6 +116,7 @@ | |
209 | #include <openssl/rand.h> | |
210 | #include <openssl/objects.h> | |
211 | #include <openssl/evp.h> | |
212 | +#include "cryptlib.h" | |
213 | ||
214 | static SSL_METHOD *ssl2_get_server_method(int ver); | |
215 | static int get_client_master_key(SSL *s); | |
216 | @@ -417,11 +418,18 @@ | |
217 | n2s(p,i); s->s2->tmp.clear=i; | |
218 | n2s(p,i); s->s2->tmp.enc=i; | |
219 | n2s(p,i); s->session->key_arg_length=i; | |
220 | + if(s->session->key_arg_length > SSL_MAX_KEY_ARG_LENGTH) | |
221 | + { | |
222 | + SSLerr(SSL_F_GET_CLIENT_MASTER_KEY, | |
223 | + SSL_R_KEY_ARG_TOO_LONG); | |
224 | + return -1; | |
225 | + } | |
226 | s->state=SSL2_ST_GET_CLIENT_MASTER_KEY_B; | |
227 | } | |
228 | ||
229 | /* SSL2_ST_GET_CLIENT_MASTER_KEY_B */ | |
230 | p=(unsigned char *)s->init_buf->data; | |
231 | + die(s->init_buf->length >= SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER); | |
232 | keya=s->session->key_arg_length; | |
233 | len = 10 + (unsigned long)s->s2->tmp.clear + (unsigned long)s->s2->tmp.enc + (unsigned long)keya; | |
234 | if (len > SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER) | |
235 | @@ -502,6 +510,7 @@ | |
236 | #endif | |
237 | ||
238 | if (is_export) i+=s->s2->tmp.clear; | |
239 | + die(i <= SSL_MAX_MASTER_KEY_LENGTH); | |
240 | s->session->master_key_length=i; | |
241 | memcpy(s->session->master_key,p,(unsigned int)i); | |
242 | return(1); | |
243 | @@ -649,6 +658,7 @@ | |
244 | p+=s->s2->tmp.session_id_length; | |
245 | ||
246 | /* challenge */ | |
247 | + die(s->s2->challenge_length <= sizeof s->s2->challenge); | |
248 | memcpy(s->s2->challenge,p,(unsigned int)s->s2->challenge_length); | |
249 | return(1); | |
250 | mem_err: | |
251 | @@ -800,6 +810,7 @@ | |
252 | } | |
253 | ||
254 | /* SSL2_ST_GET_CLIENT_FINISHED_B */ | |
255 | + die(s->s2->conn_id_length <= sizeof s->s2->conn_id); | |
256 | len = 1 + (unsigned long)s->s2->conn_id_length; | |
257 | n = (int)len - s->init_num; | |
258 | i = ssl2_read(s,(char *)&(p[s->init_num]),n); | |
259 | @@ -825,6 +836,7 @@ | |
260 | { | |
261 | p=(unsigned char *)s->init_buf->data; | |
262 | *(p++)=SSL2_MT_SERVER_VERIFY; | |
263 | + die(s->s2->challenge_length <= sizeof s->s2->challenge); | |
264 | memcpy(p,s->s2->challenge,(unsigned int)s->s2->challenge_length); | |
265 | /* p+=s->s2->challenge_length; */ | |
266 | ||
267 | @@ -844,6 +856,8 @@ | |
268 | p=(unsigned char *)s->init_buf->data; | |
269 | *(p++)=SSL2_MT_SERVER_FINISHED; | |
270 | ||
271 | + die(s->session->session_id_length | |
272 | + <= sizeof s->session->session_id); | |
273 | memcpy(p,s->session->session_id, | |
274 | (unsigned int)s->session->session_id_length); | |
275 | /* p+=s->session->session_id_length; */ | |
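Review bot: In the hunk at -417 the client-supplied value is stored with `s->session->key_arg_length=i;` before it is compared with `SSL_MAX_KEY_ARG_LENGTH`, so on the new error path the session object keeps an out-of-range length. Whether anything reads that field after the `return -1` is not visible here, but validating first removes the question: test `if (i > SSL_MAX_KEY_ARG_LENGTH)` with the same `SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_KEY_ARG_TOO_LONG); return -1;` body, and assign only afterwards. The path also returns without calling `ssl2_return_error()`, so the peer is sent no error message. That should be compared with the other failure paths of this function, which lie outside the hunk.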
276 | --- ssl/s3_clnt.c.orig Thu Oct 25 02:18:54 2001 | |
277 | +++ ssl/s3_clnt.c Fri Jul 26 10:56:23 2002 | |
278 | @@ -64,6 +64,7 @@ | |
279 | #include <openssl/sha.h> | |
280 | #include <openssl/evp.h> | |
281 | #include "ssl_locl.h" | |
282 | +#include "cryptlib.h" | |
283 | ||
284 | static SSL_METHOD *ssl3_get_client_method(int ver); | |
285 | static int ssl3_client_hello(SSL *s); | |
286 | @@ -492,6 +493,7 @@ | |
287 | *(p++)=i; | |
288 | if (i != 0) | |
289 | { | |
290 | + die(i <= sizeof s->session->session_id); | |
291 | memcpy(p,s->session->session_id,i); | |
292 | p+=i; | |
293 | } | |
294 | @@ -572,6 +574,14 @@ | |
295 | ||
296 | /* get the session-id */ | |
297 | j= *(p++); | |
298 | + | |
299 | + if(j > sizeof s->session->session_id) | |
300 | + { | |
301 | + al=SSL_AD_ILLEGAL_PARAMETER; | |
302 | + SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, | |
303 | + SSL_R_SSL3_SESSION_ID_TOO_LONG); | |
304 | + goto f_err; | |
305 | + } | |
306 | ||
307 | if ((j != 0) && (j != SSL3_SESSION_ID_SIZE)) | |
308 | { | |
309 | --- ssl/ssl.h.orig Mon Dec 17 12:24:39 2001 | |
310 | +++ ssl/ssl.h Fri Jul 26 11:36:19 2002 | |
311 | @@ -1423,6 +1423,7 @@ | |
312 | #define SSL_R_INVALID_COMMAND 280 | |
313 | #define SSL_R_INVALID_PURPOSE 278 | |
314 | #define SSL_R_INVALID_TRUST 279 | |
315 | +#define SSL_R_KEY_ARG_TOO_LONG 1112 | |
316 | #define SSL_R_LENGTH_MISMATCH 159 | |
317 | #define SSL_R_LENGTH_TOO_SHORT 160 | |
318 | #define SSL_R_LIBRARY_BUG 274 | |
319 | @@ -1491,6 +1492,7 @@ | |
320 | #define SSL_R_SHORT_READ 219 | |
321 | #define SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE 220 | |
322 | #define SSL_R_SSL23_DOING_SESSION_ID_REUSE 221 | |
323 | +#define SSL_R_SSL3_SESSION_ID_TOO_LONG 1113 | |
324 | #define SSL_R_SSL3_SESSION_ID_TOO_SHORT 222 | |
325 | #define SSL_R_SSLV3_ALERT_BAD_CERTIFICATE 1042 | |
326 | #define SSL_R_SSLV3_ALERT_BAD_RECORD_MAC 1020 | |
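Review bot: The two new reason codes, 1112 and 1113, break from the numbering of their neighbours. The ordinary reasons shown here are in the low hundreds, and the only visible values above 1000 are the `SSL_R_SSLV3_ALERT_*` entries (1042, 1020). If that upper range is derived from alert numbers, as those names suggest, the new values may collide with an alert-derived code added later. I would allocate both from the ordinary range, using the next unused values there, and keep the table in ssl/ssl_err.c in step.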
327 | --- ssl/ssl_asn1.c.orig Thu Jun 1 16:19:19 2000 | |
328 | +++ ssl/ssl_asn1.c Fri Jul 26 11:37:53 2002 | |
329 | @@ -62,6 +62,7 @@ | |
330 | #include <openssl/objects.h> | |
331 | #include <openssl/x509.h> | |
332 | #include "ssl_locl.h" | |
333 | +#include "cryptlib.h" | |
334 | ||
335 | typedef struct ssl_session_asn1_st | |
336 | { | |
337 | @@ -275,6 +276,7 @@ | |
338 | os.length=i; | |
339 | ||
340 | ret->session_id_length=os.length; | |
341 | + die(os.length <= sizeof ret->session_id); | |
342 | memcpy(ret->session_id,os.data,os.length); | |
343 | ||
344 | M_ASN1_D2I_get(osp,d2i_ASN1_OCTET_STRING); | |
345 | --- ssl/ssl_err.c.orig Fri Nov 9 18:15:29 2001 | |
346 | +++ ssl/ssl_err.c Fri Jul 26 11:39:21 2002 | |
347 | @@ -1,6 +1,6 @@ | |
348 | /* ssl/ssl_err.c */ | |
349 | /* ==================================================================== | |
350 | - * Copyright (c) 1999 The OpenSSL Project. All rights reserved. | |
351 | + * Copyright (c) 1999-2002 The OpenSSL Project. All rights reserved. | |
352 | * | |
353 | * Redistribution and use in source and binary forms, with or without | |
354 | * modification, are permitted provided that the following conditions | |
355 | @@ -275,6 +275,7 @@ | |
356 | {SSL_R_INVALID_COMMAND ,"invalid command"}, | |
357 | {SSL_R_INVALID_PURPOSE ,"invalid purpose"}, | |
358 | {SSL_R_INVALID_TRUST ,"invalid trust"}, | |
359 | +{SSL_R_KEY_ARG_TOO_LONG ,"key arg too long"}, | |
360 | {SSL_R_LENGTH_MISMATCH ,"length mismatch"}, | |
361 | {SSL_R_LENGTH_TOO_SHORT ,"length too short"}, | |
362 | {SSL_R_LIBRARY_BUG ,"library bug"}, | |
363 | @@ -343,6 +344,7 @@ | |
364 | {SSL_R_SHORT_READ ,"short read"}, | |
365 | {SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE,"signature for non signing certificate"}, | |
366 | {SSL_R_SSL23_DOING_SESSION_ID_REUSE ,"ssl23 doing session id reuse"}, | |
367 | +{SSL_R_SSL3_SESSION_ID_TOO_LONG ,"ssl3 session id too long"}, | |
368 | {SSL_R_SSL3_SESSION_ID_TOO_SHORT ,"ssl3 session id too short"}, | |
369 | {SSL_R_SSLV3_ALERT_BAD_CERTIFICATE ,"sslv3 alert bad certificate"}, | |
370 | {SSL_R_SSLV3_ALERT_BAD_RECORD_MAC ,"sslv3 alert bad record mac"}, | |
371 | --- ssl/ssl_sess.c.orig Wed Nov 29 11:12:32 2000 | |
372 | +++ ssl/ssl_sess.c Fri Jul 26 10:43:56 2002 | |
373 | @@ -60,6 +60,7 @@ | |
374 | #include <openssl/lhash.h> | |
375 | #include <openssl/rand.h> | |
376 | #include "ssl_locl.h" | |
377 | +#include "cryptlib.h" | |
378 | ||
379 | static void SSL_SESSION_list_remove(SSL_CTX *ctx, SSL_SESSION *s); | |
380 | static void SSL_SESSION_list_add(SSL_CTX *ctx,SSL_SESSION *s); | |
381 | @@ -199,6 +200,7 @@ | |
382 | ss->session_id_length=0; | |
383 | } | |
384 | ||
385 | + die(s->sid_ctx_length <= sizeof ss->sid_ctx); | |
386 | memcpy(ss->sid_ctx,s->sid_ctx,s->sid_ctx_length); | |
387 | ss->sid_ctx_length=s->sid_ctx_length; | |
388 | s->session=ss; | |
389 | --- ssl/s3_srvr.c.orig Thu Oct 25 02:18:56 2001 | |
390 | +++ ssl/s3_srvr.c Fri Jul 26 11:27:08 2002 | |
391 | @@ -122,6 +122,7 @@ | |
392 | #include <openssl/evp.h> | |
393 | #include <openssl/x509.h> | |
394 | #include "ssl_locl.h" | |
395 | +#include "cryptlib.h" | |
396 | ||
397 | static SSL_METHOD *ssl3_get_server_method(int ver); | |
398 | static int ssl3_get_client_hello(SSL *s); | |
399 | @@ -942,6 +943,7 @@ | |
400 | s->session->session_id_length=0; | |
401 | ||
402 | sl=s->session->session_id_length; | |
403 | + die(sl <= sizeof s->session->session_id); | |
404 | *(p++)=sl; | |
405 | memcpy(p,s->session->session_id,sl); | |
406 | p+=sl; |