- missing fixes for ASN.1
[packages/openssl.git] / openssl-0.9.6c-security.patch
CommitLineData
9920e6ec
JB
1--- crypto/cryptlib.c.orig Fri Nov 23 13:57:59 2001
2+++ crypto/cryptlib.c Fri Jul 26 10:43:56 2002
3@@ -491,3 +491,11 @@
4 #endif
5
6 #endif
7+
8+void OpenSSLDie(const char *file,int line,const char *assertion)
9+ {
10+ fprintf(stderr,"%s(%d): OpenSSL internal error, assertion failed: %s\n",
11+ file,line,assertion);
12+ abort();
13+ }
14+
15--- crypto/cryptlib.h.orig Tue May 2 06:35:04 2000
16+++ crypto/cryptlib.h Fri Jul 26 10:43:56 2002
17@@ -89,6 +89,14 @@
18 #define X509_CERT_DIR_EVP "SSL_CERT_DIR"
19 #define X509_CERT_FILE_EVP "SSL_CERT_FILE"
20
21+/* size of string represenations */
22+#define DECIMAL_SIZE(type) ((sizeof(type)*8+2)/3+1)
23+#define HEX_SIZE(type) ((sizeof(type)*2)
24+
25+/* die if we have to */
26+void OpenSSLDie(const char *file,int line,const char *assertion);
27+#define die(e) ((e) ? (void)0 : OpenSSLDie(__FILE__, __LINE__, #e))
28+
29 #ifdef __cplusplus
30 }
31 #endif
32--- crypto/asn1/asn1_lib.c.orig Fri Mar 30 06:42:32 2001
33+++ crypto/asn1/asn1_lib.c Fri Jul 26 10:43:56 2002
e635c11d
JB
34@@ -124,15 +124,13 @@
35 (int)(omax+ *pp));
36
37 #endif
38-#if 0
39- if ((p+ *plength) > (omax+ *pp))
40+ if (*plength > (omax - (*pp - p)))
41 {
42 ASN1err(ASN1_F_ASN1_GET_OBJECT,ASN1_R_TOO_LONG);
43 /* Set this so that even if things are not long enough
44 * the values are set correctly */
45 ret|=0x80;
46 }
47-#endif
48 *pp=p;
49 return(ret|inf);
50 err:
51@@ -159,6 +157,8 @@
52 i= *p&0x7f;
53 if (*(p++) & 0x80)
54 {
55+ if (i > sizeof(long))
56+ return 0;
57 if (max-- == 0) return(0);
58 while (i-- > 0)
59 {
60@@ -170,6 +170,8 @@
61 else
62 ret=i;
63 }
64+ if (ret < 0)
65+ return 0;
66 *pp=p;
67 *rl=ret;
68 return(1);
9920e6ec
JB
69@@ -407,7 +407,7 @@
70
71 void asn1_add_error(unsigned char *address, int offset)
72 {
73- char buf1[16],buf2[16];
74+ char buf1[DECIMAL_SIZE(address)+1],buf2[DECIMAL_SIZE(offset)+1];
75
76 sprintf(buf1,"%lu",(unsigned long)address);
77 sprintf(buf2,"%d",offset);
78--- crypto/conf/conf_def.c.orig Tue Jun 6 09:21:12 2000
79+++ crypto/conf/conf_def.c Fri Jul 26 10:43:56 2002
80@@ -67,6 +67,7 @@
81 #include "conf_def.h"
82 #include <openssl/buffer.h>
83 #include <openssl/err.h>
84+#include "cryptlib.h"
85
86 static char *eat_ws(CONF *conf, char *p);
87 static char *eat_alpha_numeric(CONF *conf, char *p);
88@@ -180,12 +181,12 @@
89 static int def_load(CONF *conf, BIO *in, long *line)
90 {
91 #define BUFSIZE 512
92- char btmp[16];
93 int bufnum=0,i,ii;
94 BUF_MEM *buff=NULL;
95 char *s,*p,*end;
96 int again,n;
97 long eline=0;
98+ char btmp[DECIMAL_SIZE(eline)+1];
99 CONF_VALUE *v=NULL,*tv;
100 CONF_VALUE *sv=NULL;
101 char *section=NULL,*buf;
102--- crypto/objects/obj_dat.c.orig Mon Sep 4 09:34:35 2000
103+++ crypto/objects/obj_dat.c Fri Jul 26 10:43:56 2002
104@@ -428,7 +428,7 @@
105 unsigned long l;
106 unsigned char *p;
107 const char *s;
108- char tbuf[32];
109+ char tbuf[DECIMAL_SIZE(i)+DECIMAL_SIZE(l)+2];
110
111 if (buf_len <= 0) return(0);
112
113--- ssl/s2_clnt.c.orig Sat Nov 10 03:43:51 2001
114+++ ssl/s2_clnt.c Fri Jul 26 10:43:56 2002
115@@ -116,6 +116,7 @@
116 #include <openssl/buffer.h>
117 #include <openssl/objects.h>
118 #include <openssl/evp.h>
119+#include "cryptlib.h"
120
121 static SSL_METHOD *ssl2_get_client_method(int ver);
122 static int get_server_finished(SSL *s);
123@@ -517,6 +518,7 @@
124 }
125
126 s->s2->conn_id_length=s->s2->tmp.conn_id_length;
127+ die(s->s2->conn_id_length <= sizeof s->s2->conn_id);
128 memcpy(s->s2->conn_id,p,s->s2->tmp.conn_id_length);
129 return(1);
130 }
131@@ -618,6 +620,7 @@
132 /* make key_arg data */
133 i=EVP_CIPHER_iv_length(c);
134 sess->key_arg_length=i;
135+ die(i <= SSL_MAX_KEY_ARG_LENGTH);
136 if (i > 0) RAND_pseudo_bytes(sess->key_arg,i);
137
138 /* make a master key */
139@@ -625,6 +628,7 @@
140 sess->master_key_length=i;
141 if (i > 0)
142 {
143+ die(i <= sizeof sess->master_key);
144 if (RAND_bytes(sess->master_key,i) <= 0)
145 {
146 ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
147@@ -668,6 +672,7 @@
148 d+=enc;
149 karg=sess->key_arg_length;
150 s2n(karg,p); /* key arg size */
151+ die(karg <= sizeof sess->key_arg);
152 memcpy(d,sess->key_arg,(unsigned int)karg);
153 d+=karg;
154
155@@ -688,6 +693,7 @@
156 {
157 p=(unsigned char *)s->init_buf->data;
158 *(p++)=SSL2_MT_CLIENT_FINISHED;
159+ die(s->s2->conn_id_length <= sizeof s->s2->conn_id);
160 memcpy(p,s->s2->conn_id,(unsigned int)s->s2->conn_id_length);
161
162 s->state=SSL2_ST_SEND_CLIENT_FINISHED_B;
163@@ -944,6 +950,8 @@
164 {
165 if (!(s->options & SSL_OP_MICROSOFT_SESS_ID_BUG))
166 {
167+ die(s->session->session_id_length
168+ <= sizeof s->session->session_id);
169 if (memcmp(buf,s->session->session_id,
170 (unsigned int)s->session->session_id_length) != 0)
171 {
172--- ssl/s2_lib.c.orig Tue Dec 26 05:06:47 2000
173+++ ssl/s2_lib.c Fri Jul 26 10:52:20 2002
174@@ -62,6 +62,7 @@
175 #include <openssl/rsa.h>
176 #include <openssl/objects.h>
177 #include <openssl/md5.h>
178+#include "cryptlib.h"
179
180 static long ssl2_default_timeout(void );
181 const char *ssl2_version_str="SSLv2" OPENSSL_VERSION_PTEXT;
182@@ -425,10 +426,14 @@
183 #endif
184
185 km=s->s2->key_material;
186+ die(s->s2->key_material_length <= sizeof s->s2->key_material);
187 for (i=0; i<s->s2->key_material_length; i+=MD5_DIGEST_LENGTH)
188 {
189 MD5_Init(&ctx);
190-
191+
192+ die(s->session->master_key_length >= 0
193+ && s->session->master_key_length
194+ < sizeof s->session->master_key);
195 MD5_Update(&ctx,s->session->master_key,s->session->master_key_length);
196 MD5_Update(&ctx,&c,1);
197 c++;
198@@ -463,6 +468,7 @@
199 /* state=s->rwstate;*/
200 error=s->error;
201 s->error=0;
202+ die(error >= 0 && error <= 3);
203 i=ssl2_write(s,&(buf[3-error]),error);
204 /* if (i == error) s->rwstate=state; */
205
206--- ssl/s2_srvr.c.orig Wed Nov 14 14:19:47 2001
207+++ ssl/s2_srvr.c Fri Jul 26 10:43:56 2002
208@@ -116,6 +116,7 @@
209 #include <openssl/rand.h>
210 #include <openssl/objects.h>
211 #include <openssl/evp.h>
212+#include "cryptlib.h"
213
214 static SSL_METHOD *ssl2_get_server_method(int ver);
215 static int get_client_master_key(SSL *s);
216@@ -417,11 +418,18 @@
217 n2s(p,i); s->s2->tmp.clear=i;
218 n2s(p,i); s->s2->tmp.enc=i;
219 n2s(p,i); s->session->key_arg_length=i;
220+ if(s->session->key_arg_length > SSL_MAX_KEY_ARG_LENGTH)
221+ {
222+ SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,
223+ SSL_R_KEY_ARG_TOO_LONG);
224+ return -1;
225+ }
226 s->state=SSL2_ST_GET_CLIENT_MASTER_KEY_B;
227 }
228
229 /* SSL2_ST_GET_CLIENT_MASTER_KEY_B */
230 p=(unsigned char *)s->init_buf->data;
231+ die(s->init_buf->length >= SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER);
232 keya=s->session->key_arg_length;
233 len = 10 + (unsigned long)s->s2->tmp.clear + (unsigned long)s->s2->tmp.enc + (unsigned long)keya;
234 if (len > SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER)
235@@ -502,6 +510,7 @@
236 #endif
237
238 if (is_export) i+=s->s2->tmp.clear;
239+ die(i <= SSL_MAX_MASTER_KEY_LENGTH);
240 s->session->master_key_length=i;
241 memcpy(s->session->master_key,p,(unsigned int)i);
242 return(1);
243@@ -649,6 +658,7 @@
244 p+=s->s2->tmp.session_id_length;
245
246 /* challenge */
247+ die(s->s2->challenge_length <= sizeof s->s2->challenge);
248 memcpy(s->s2->challenge,p,(unsigned int)s->s2->challenge_length);
249 return(1);
250 mem_err:
251@@ -800,6 +810,7 @@
252 }
253
254 /* SSL2_ST_GET_CLIENT_FINISHED_B */
255+ die(s->s2->conn_id_length <= sizeof s->s2->conn_id);
256 len = 1 + (unsigned long)s->s2->conn_id_length;
257 n = (int)len - s->init_num;
258 i = ssl2_read(s,(char *)&(p[s->init_num]),n);
259@@ -825,6 +836,7 @@
260 {
261 p=(unsigned char *)s->init_buf->data;
262 *(p++)=SSL2_MT_SERVER_VERIFY;
263+ die(s->s2->challenge_length <= sizeof s->s2->challenge);
264 memcpy(p,s->s2->challenge,(unsigned int)s->s2->challenge_length);
265 /* p+=s->s2->challenge_length; */
266
267@@ -844,6 +856,8 @@
268 p=(unsigned char *)s->init_buf->data;
269 *(p++)=SSL2_MT_SERVER_FINISHED;
270
271+ die(s->session->session_id_length
272+ <= sizeof s->session->session_id);
273 memcpy(p,s->session->session_id,
274 (unsigned int)s->session->session_id_length);
275 /* p+=s->session->session_id_length; */
276--- ssl/s3_clnt.c.orig Thu Oct 25 02:18:54 2001
277+++ ssl/s3_clnt.c Fri Jul 26 10:56:23 2002
278@@ -64,6 +64,7 @@
279 #include <openssl/sha.h>
280 #include <openssl/evp.h>
281 #include "ssl_locl.h"
282+#include "cryptlib.h"
283
284 static SSL_METHOD *ssl3_get_client_method(int ver);
285 static int ssl3_client_hello(SSL *s);
286@@ -492,6 +493,7 @@
287 *(p++)=i;
288 if (i != 0)
289 {
290+ die(i <= sizeof s->session->session_id);
291 memcpy(p,s->session->session_id,i);
292 p+=i;
293 }
294@@ -572,6 +574,14 @@
295
296 /* get the session-id */
297 j= *(p++);
298+
299+ if(j > sizeof s->session->session_id)
300+ {
301+ al=SSL_AD_ILLEGAL_PARAMETER;
302+ SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,
303+ SSL_R_SSL3_SESSION_ID_TOO_LONG);
304+ goto f_err;
305+ }
306
307 if ((j != 0) && (j != SSL3_SESSION_ID_SIZE))
308 {
309--- ssl/ssl.h.orig Mon Dec 17 12:24:39 2001
310+++ ssl/ssl.h Fri Jul 26 11:36:19 2002
311@@ -1423,6 +1423,7 @@
312 #define SSL_R_INVALID_COMMAND 280
313 #define SSL_R_INVALID_PURPOSE 278
314 #define SSL_R_INVALID_TRUST 279
315+#define SSL_R_KEY_ARG_TOO_LONG 1112
316 #define SSL_R_LENGTH_MISMATCH 159
317 #define SSL_R_LENGTH_TOO_SHORT 160
318 #define SSL_R_LIBRARY_BUG 274
319@@ -1491,6 +1492,7 @@
320 #define SSL_R_SHORT_READ 219
321 #define SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE 220
322 #define SSL_R_SSL23_DOING_SESSION_ID_REUSE 221
323+#define SSL_R_SSL3_SESSION_ID_TOO_LONG 1113
324 #define SSL_R_SSL3_SESSION_ID_TOO_SHORT 222
325 #define SSL_R_SSLV3_ALERT_BAD_CERTIFICATE 1042
326 #define SSL_R_SSLV3_ALERT_BAD_RECORD_MAC 1020
327--- ssl/ssl_asn1.c.orig Thu Jun 1 16:19:19 2000
328+++ ssl/ssl_asn1.c Fri Jul 26 11:37:53 2002
329@@ -62,6 +62,7 @@
330 #include <openssl/objects.h>
331 #include <openssl/x509.h>
332 #include "ssl_locl.h"
333+#include "cryptlib.h"
334
335 typedef struct ssl_session_asn1_st
336 {
337@@ -275,6 +276,7 @@
338 os.length=i;
339
340 ret->session_id_length=os.length;
341+ die(os.length <= sizeof ret->session_id);
342 memcpy(ret->session_id,os.data,os.length);
343
344 M_ASN1_D2I_get(osp,d2i_ASN1_OCTET_STRING);
345--- ssl/ssl_err.c.orig Fri Nov 9 18:15:29 2001
346+++ ssl/ssl_err.c Fri Jul 26 11:39:21 2002
347@@ -1,6 +1,6 @@
348 /* ssl/ssl_err.c */
349 /* ====================================================================
350- * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
351+ * Copyright (c) 1999-2002 The OpenSSL Project. All rights reserved.
352 *
353 * Redistribution and use in source and binary forms, with or without
354 * modification, are permitted provided that the following conditions
355@@ -275,6 +275,7 @@
356 {SSL_R_INVALID_COMMAND ,"invalid command"},
357 {SSL_R_INVALID_PURPOSE ,"invalid purpose"},
358 {SSL_R_INVALID_TRUST ,"invalid trust"},
359+{SSL_R_KEY_ARG_TOO_LONG ,"key arg too long"},
360 {SSL_R_LENGTH_MISMATCH ,"length mismatch"},
361 {SSL_R_LENGTH_TOO_SHORT ,"length too short"},
362 {SSL_R_LIBRARY_BUG ,"library bug"},
363@@ -343,6 +344,7 @@
364 {SSL_R_SHORT_READ ,"short read"},
365 {SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE,"signature for non signing certificate"},
366 {SSL_R_SSL23_DOING_SESSION_ID_REUSE ,"ssl23 doing session id reuse"},
367+{SSL_R_SSL3_SESSION_ID_TOO_LONG ,"ssl3 session id too long"},
368 {SSL_R_SSL3_SESSION_ID_TOO_SHORT ,"ssl3 session id too short"},
369 {SSL_R_SSLV3_ALERT_BAD_CERTIFICATE ,"sslv3 alert bad certificate"},
370 {SSL_R_SSLV3_ALERT_BAD_RECORD_MAC ,"sslv3 alert bad record mac"},
371--- ssl/ssl_sess.c.orig Wed Nov 29 11:12:32 2000
372+++ ssl/ssl_sess.c Fri Jul 26 10:43:56 2002
373@@ -60,6 +60,7 @@
374 #include <openssl/lhash.h>
375 #include <openssl/rand.h>
376 #include "ssl_locl.h"
377+#include "cryptlib.h"
378
379 static void SSL_SESSION_list_remove(SSL_CTX *ctx, SSL_SESSION *s);
380 static void SSL_SESSION_list_add(SSL_CTX *ctx,SSL_SESSION *s);
381@@ -199,6 +200,7 @@
382 ss->session_id_length=0;
383 }
384
385+ die(s->sid_ctx_length <= sizeof ss->sid_ctx);
386 memcpy(ss->sid_ctx,s->sid_ctx,s->sid_ctx_length);
387 ss->sid_ctx_length=s->sid_ctx_length;
388 s->session=ss;
389--- ssl/s3_srvr.c.orig Thu Oct 25 02:18:56 2001
390+++ ssl/s3_srvr.c Fri Jul 26 11:27:08 2002
391@@ -122,6 +122,7 @@
392 #include <openssl/evp.h>
393 #include <openssl/x509.h>
394 #include "ssl_locl.h"
395+#include "cryptlib.h"
396
397 static SSL_METHOD *ssl3_get_server_method(int ver);
398 static int ssl3_get_client_hello(SSL *s);
399@@ -942,6 +943,7 @@
400 s->session->session_id_length=0;
401
402 sl=s->session->session_id_length;
403+ die(sl <= sizeof s->session->session_id);
404 *(p++)=sl;
405 memcpy(p,s->session->session_id,sl);
406 p+=sl;
This page took 0.10184 seconds and 4 git commands to generate.