Commit | Line | Data |
---|---|---|
1 | --- crypto/cryptlib.c.orig Fri Nov 23 13:57:59 2001 | |
2 | +++ crypto/cryptlib.c Fri Jul 26 10:43:56 2002 | |
3 | @@ -491,3 +491,11 @@ | |
4 | #endif | |
5 | ||
6 | #endif | |
7 | + | |
8 | +void OpenSSLDie(const char *file,int line,const char *assertion) | |
9 | + { | |
10 | + fprintf(stderr,"%s(%d): OpenSSL internal error, assertion failed: %s\n", | |
11 | + file,line,assertion); | |
12 | + abort(); | |
13 | + } | |
14 | + | |
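Review bot: OpenSSLDie() in this hunk has no comment saying that it never returns, yet every `die()` bounds check added elsewhere in this patch relies on that to stop the `memcpy` that follows it. I would add `/* Report a failed internal assertion on stderr and abort(); never returns, so callers may rely on the checked condition afterwards. */` above the definition. The message is written only to stderr, so a daemon that has closed or redirected stderr would abort without leaving a trace; that is worth stating in the same comment.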
15 | --- crypto/cryptlib.h.orig Tue May 2 06:35:04 2000 | |
16 | +++ crypto/cryptlib.h Fri Jul 26 10:43:56 2002 | |
17 | @@ -89,6 +89,14 @@ | |
18 | #define X509_CERT_DIR_EVP "SSL_CERT_DIR" | |
19 | #define X509_CERT_FILE_EVP "SSL_CERT_FILE" | |
20 | ||
21 | +/* size of string represenations */ | |
22 | +#define DECIMAL_SIZE(type) ((sizeof(type)*8+2)/3+1) | |
23 | +#define HEX_SIZE(type) ((sizeof(type)*2) | |
24 | + | |
25 | +/* die if we have to */ | |
26 | +void OpenSSLDie(const char *file,int line,const char *assertion); | |
27 | +#define die(e) ((e) ? (void)0 : OpenSSLDie(__FILE__, __LINE__, #e)) | |
28 | + | |
29 | #ifdef __cplusplus | |
30 | } | |
31 | #endif | |
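Review bot: `HEX_SIZE` in this hunk has unbalanced parentheses, since `((sizeof(type)*2)` opens three and closes two, so the first file that uses it will fail to compile; it should read `#define HEX_SIZE(type) (sizeof(type)*2)`. Nothing in the visible patch uses the macro yet, which is probably why it went unnoticed. Separately, `die` is a very generic name to export from a header that this patch now includes from many ssl/ files, and the comment above the size macros misspells "representations". That comment could also say that `DECIMAL_SIZE` presumably leaves room for a sign but not for the terminating NUL, which is why the callers add 1.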
32 | --- crypto/asn1/asn1_lib.c.orig Fri Mar 30 06:42:32 2001 | |
33 | +++ crypto/asn1/asn1_lib.c Fri Jul 26 10:43:56 2002 | |
34 | @@ -407,7 +407,7 @@ | |
35 | ||
36 | void asn1_add_error(unsigned char *address, int offset) | |
37 | { | |
38 | - char buf1[16],buf2[16]; | |
39 | + char buf1[DECIMAL_SIZE(address)+1],buf2[DECIMAL_SIZE(offset)+1]; | |
40 | ||
41 | sprintf(buf1,"%lu",(unsigned long)address); | |
42 | sprintf(buf2,"%d",offset); | |
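Review bot: The new size for `buf1` is computed from `address`, a pointer, while the `sprintf` below prints `(unsigned long)address`, so the buffer is sized from a different type than the one being formatted. On a platform where `unsigned long` is wider than a pointer the buffer would be too small for the unbounded `sprintf`; sizing it from the printed type, `char buf1[DECIMAL_SIZE(unsigned long)+1]`, keeps the two in step. The function body continues past the end of the hunk.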
43 | --- crypto/conf/conf_def.c.orig Tue Jun 6 09:21:12 2000 | |
44 | +++ crypto/conf/conf_def.c Fri Jul 26 10:43:56 2002 | |
45 | @@ -67,6 +67,7 @@ | |
46 | #include "conf_def.h" | |
47 | #include <openssl/buffer.h> | |
48 | #include <openssl/err.h> | |
49 | +#include "cryptlib.h" | |
50 | ||
51 | static char *eat_ws(CONF *conf, char *p); | |
52 | static char *eat_alpha_numeric(CONF *conf, char *p); | |
53 | @@ -180,12 +181,12 @@ | |
54 | static int def_load(CONF *conf, BIO *in, long *line) | |
55 | { | |
56 | #define BUFSIZE 512 | |
57 | - char btmp[16]; | |
58 | int bufnum=0,i,ii; | |
59 | BUF_MEM *buff=NULL; | |
60 | char *s,*p,*end; | |
61 | int again,n; | |
62 | long eline=0; | |
63 | + char btmp[DECIMAL_SIZE(eline)+1]; | |
64 | CONF_VALUE *v=NULL,*tv; | |
65 | CONF_VALUE *sv=NULL; | |
66 | char *section=NULL,*buf; | |
67 | --- crypto/objects/obj_dat.c.orig Mon Sep 4 09:34:35 2000 | |
68 | +++ crypto/objects/obj_dat.c Fri Jul 26 10:43:56 2002 | |
69 | @@ -428,7 +428,7 @@ | |
70 | unsigned long l; | |
71 | unsigned char *p; | |
72 | const char *s; | |
73 | - char tbuf[32]; | |
74 | + char tbuf[DECIMAL_SIZE(i)+DECIMAL_SIZE(l)+2]; | |
75 | ||
76 | if (buf_len <= 0) return(0); | |
77 | ||
78 | --- ssl/s2_clnt.c.orig Sat Nov 10 03:43:51 2001 | |
79 | +++ ssl/s2_clnt.c Fri Jul 26 10:43:56 2002 | |
80 | @@ -116,6 +116,7 @@ | |
81 | #include <openssl/buffer.h> | |
82 | #include <openssl/objects.h> | |
83 | #include <openssl/evp.h> | |
84 | +#include "cryptlib.h" | |
85 | ||
86 | static SSL_METHOD *ssl2_get_client_method(int ver); | |
87 | static int get_server_finished(SSL *s); | |
88 | @@ -517,6 +518,7 @@ | |
89 | } | |
90 | ||
91 | s->s2->conn_id_length=s->s2->tmp.conn_id_length; | |
92 | + die(s->s2->conn_id_length <= sizeof s->s2->conn_id); | |
93 | memcpy(s->s2->conn_id,p,s->s2->tmp.conn_id_length); | |
94 | return(1); | |
95 | } | |
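Review bot: The `die()` added before the `memcpy` into `s->s2->conn_id` aborts the whole process when the length is too large, and `tmp.conn_id_length` looks like a value parsed from the peer's handshake message (its origin is outside the hunk), so an oversized value would turn into a remotely triggerable crash rather than an overflow. A length taken off the wire should be rejected with an error return, as this patch already does for `key_arg_length` in ssl/s2_srvr.c and for the session id in ssl/s3_clnt.c, for example `if (s->s2->tmp.conn_id_length > sizeof s->s2->conn_id) { ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR); return(-1); }` placed before the length is stored. The same applies, if those lengths are also peer-derived, to the `die()` calls guarding `challenge_length` and the master key copy in ssl/s2_srvr.c and `os.length` in ssl/ssl_asn1.c. The enclosing function starts outside the hunk, so the `-1` error convention should be confirmed there.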
96 | @@ -618,6 +620,7 @@ | |
97 | /* make key_arg data */ | |
98 | i=EVP_CIPHER_iv_length(c); | |
99 | sess->key_arg_length=i; | |
100 | + die(i <= SSL_MAX_KEY_ARG_LENGTH); | |
101 | if (i > 0) RAND_pseudo_bytes(sess->key_arg,i); | |
102 | ||
103 | /* make a master key */ | |
104 | @@ -625,6 +628,7 @@ | |
105 | sess->master_key_length=i; | |
106 | if (i > 0) | |
107 | { | |
108 | + die(i <= sizeof sess->master_key); | |
109 | if (RAND_bytes(sess->master_key,i) <= 0) | |
110 | { | |
111 | ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR); | |
112 | @@ -668,6 +672,7 @@ | |
113 | d+=enc; | |
114 | karg=sess->key_arg_length; | |
115 | s2n(karg,p); /* key arg size */ | |
116 | + die(karg <= sizeof sess->key_arg); | |
117 | memcpy(d,sess->key_arg,(unsigned int)karg); | |
118 | d+=karg; | |
119 | ||
120 | @@ -688,6 +693,7 @@ | |
121 | { | |
122 | p=(unsigned char *)s->init_buf->data; | |
123 | *(p++)=SSL2_MT_CLIENT_FINISHED; | |
124 | + die(s->s2->conn_id_length <= sizeof s->s2->conn_id); | |
125 | memcpy(p,s->s2->conn_id,(unsigned int)s->s2->conn_id_length); | |
126 | ||
127 | s->state=SSL2_ST_SEND_CLIENT_FINISHED_B; | |
128 | @@ -944,6 +950,8 @@ | |
129 | { | |
130 | if (!(s->options & SSL_OP_MICROSOFT_SESS_ID_BUG)) | |
131 | { | |
132 | + die(s->session->session_id_length | |
133 | + <= sizeof s->session->session_id); | |
134 | if (memcmp(buf,s->session->session_id, | |
135 | (unsigned int)s->session->session_id_length) != 0) | |
136 | { | |
137 | --- ssl/s2_lib.c.orig Tue Dec 26 05:06:47 2000 | |
138 | +++ ssl/s2_lib.c Fri Jul 26 10:52:20 2002 | |
139 | @@ -62,6 +62,7 @@ | |
140 | #include <openssl/rsa.h> | |
141 | #include <openssl/objects.h> | |
142 | #include <openssl/md5.h> | |
143 | +#include "cryptlib.h" | |
144 | ||
145 | static long ssl2_default_timeout(void ); | |
146 | const char *ssl2_version_str="SSLv2" OPENSSL_VERSION_PTEXT; | |
147 | @@ -425,10 +426,14 @@ | |
148 | #endif | |
149 | ||
150 | km=s->s2->key_material; | |
151 | + die(s->s2->key_material_length <= sizeof s->s2->key_material); | |
152 | for (i=0; i<s->s2->key_material_length; i+=MD5_DIGEST_LENGTH) | |
153 | { | |
154 | MD5_Init(&ctx); | |
155 | - | |
156 | + | |
157 | + die(s->session->master_key_length >= 0 | |
158 | + && s->session->master_key_length | |
159 | + < sizeof s->session->master_key); | |
160 | MD5_Update(&ctx,s->session->master_key,s->session->master_key_length); | |
161 | MD5_Update(&ctx,&c,1); | |
162 | c++; | |
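Review bot: The master key assertion inside the loop uses `<` where the other bounds in this patch use `<=`, so a session whose `master_key_length` equals `sizeof s->session->master_key` would abort here. The client hunk accepts that length with `die(i <= sizeof sess->master_key)`, and the server hunk uses `die(i <= SSL_MAX_MASTER_KEY_LENGTH)`, which is the same bound if the array has that size. I would write the upper bound as `s->session->master_key_length <= sizeof s->session->master_key`. The condition does not change between iterations, so it can sit once above the `for`, next to the `key_material_length` check. The function begins and ends outside the hunk.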
163 | @@ -463,6 +468,7 @@ | |
164 | /* state=s->rwstate;*/ | |
165 | error=s->error; | |
166 | s->error=0; | |
167 | + die(error >= 0 && error <= 3); | |
168 | i=ssl2_write(s,&(buf[3-error]),error); | |
169 | /* if (i == error) s->rwstate=state; */ | |
170 | ||
171 | --- ssl/s2_srvr.c.orig Wed Nov 14 14:19:47 2001 | |
172 | +++ ssl/s2_srvr.c Fri Jul 26 10:43:56 2002 | |
173 | @@ -116,6 +116,7 @@ | |
174 | #include <openssl/rand.h> | |
175 | #include <openssl/objects.h> | |
176 | #include <openssl/evp.h> | |
177 | +#include "cryptlib.h" | |
178 | ||
179 | static SSL_METHOD *ssl2_get_server_method(int ver); | |
180 | static int get_client_master_key(SSL *s); | |
181 | @@ -417,11 +418,18 @@ | |
182 | n2s(p,i); s->s2->tmp.clear=i; | |
183 | n2s(p,i); s->s2->tmp.enc=i; | |
184 | n2s(p,i); s->session->key_arg_length=i; | |
185 | + if(s->session->key_arg_length > SSL_MAX_KEY_ARG_LENGTH) | |
186 | + { | |
187 | + SSLerr(SSL_F_GET_CLIENT_MASTER_KEY, | |
188 | + SSL_R_KEY_ARG_TOO_LONG); | |
189 | + return -1; | |
190 | + } | |
191 | s->state=SSL2_ST_GET_CLIENT_MASTER_KEY_B; | |
192 | } | |
193 | ||
194 | /* SSL2_ST_GET_CLIENT_MASTER_KEY_B */ | |
195 | p=(unsigned char *)s->init_buf->data; | |
196 | + die(s->init_buf->length >= SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER); | |
197 | keya=s->session->key_arg_length; | |
198 | len = 10 + (unsigned long)s->s2->tmp.clear + (unsigned long)s->s2->tmp.enc + (unsigned long)keya; | |
199 | if (len > SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER) | |
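Review bot: The new `key_arg_length` check runs after `n2s(p,i); s->session->key_arg_length=i;`, so when it rejects the message the session object still holds the out-of-range length. Any later code that reaches this session and trusts the field, including the `die(karg <= sizeof sess->key_arg)` style assertions added elsewhere in this patch, would then see the bad value. Testing the parsed value first avoids that: read it with `n2s(p,i);`, return the error on `if (i > SSL_MAX_KEY_ARG_LENGTH)`, and only then assign `s->session->key_arg_length=i;`. The function starts outside the hunk, so whether the session is discarded on this error path cannot be confirmed from here.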
200 | @@ -502,6 +510,7 @@ | |
201 | #endif | |
202 | ||
203 | if (is_export) i+=s->s2->tmp.clear; | |
204 | + die(i <= SSL_MAX_MASTER_KEY_LENGTH); | |
205 | s->session->master_key_length=i; | |
206 | memcpy(s->session->master_key,p,(unsigned int)i); | |
207 | return(1); | |
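Review bot: `die(i <= SSL_MAX_MASTER_KEY_LENGTH)` has no lower bound, while the `memcpy` two lines later casts `i` to `unsigned int`. If `i` is a signed int (its declaration is outside the hunk), a negative value passes the assertion and becomes a very large copy length. The ssl/s2_lib.c hunk already writes this pattern with `>= 0`; here it would be `die(i >= 0 && i <= SSL_MAX_MASTER_KEY_LENGTH);`, unless earlier code in the function, not visible here, already rules negatives out.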
208 | @@ -649,6 +658,7 @@ | |
209 | p+=s->s2->tmp.session_id_length; | |
210 | ||
211 | /* challenge */ | |
212 | + die(s->s2->challenge_length <= sizeof s->s2->challenge); | |
213 | memcpy(s->s2->challenge,p,(unsigned int)s->s2->challenge_length); | |
214 | return(1); | |
215 | mem_err: | |
216 | @@ -800,6 +810,7 @@ | |
217 | } | |
218 | ||
219 | /* SSL2_ST_GET_CLIENT_FINISHED_B */ | |
220 | + die(s->s2->conn_id_length <= sizeof s->s2->conn_id); | |
221 | len = 1 + (unsigned long)s->s2->conn_id_length; | |
222 | n = (int)len - s->init_num; | |
223 | i = ssl2_read(s,(char *)&(p[s->init_num]),n); | |
224 | @@ -825,6 +836,7 @@ | |
225 | { | |
226 | p=(unsigned char *)s->init_buf->data; | |
227 | *(p++)=SSL2_MT_SERVER_VERIFY; | |
228 | + die(s->s2->challenge_length <= sizeof s->s2->challenge); | |
229 | memcpy(p,s->s2->challenge,(unsigned int)s->s2->challenge_length); | |
230 | /* p+=s->s2->challenge_length; */ | |
231 | ||
232 | @@ -844,6 +856,8 @@ | |
233 | p=(unsigned char *)s->init_buf->data; | |
234 | *(p++)=SSL2_MT_SERVER_FINISHED; | |
235 | ||
236 | + die(s->session->session_id_length | |
237 | + <= sizeof s->session->session_id); | |
238 | memcpy(p,s->session->session_id, | |
239 | (unsigned int)s->session->session_id_length); | |
240 | /* p+=s->session->session_id_length; */ | |
241 | --- ssl/s3_clnt.c.orig Thu Oct 25 02:18:54 2001 | |
242 | +++ ssl/s3_clnt.c Fri Jul 26 10:56:23 2002 | |
243 | @@ -64,6 +64,7 @@ | |
244 | #include <openssl/sha.h> | |
245 | #include <openssl/evp.h> | |
246 | #include "ssl_locl.h" | |
247 | +#include "cryptlib.h" | |
248 | ||
249 | static SSL_METHOD *ssl3_get_client_method(int ver); | |
250 | static int ssl3_client_hello(SSL *s); | |
251 | @@ -492,6 +493,7 @@ | |
252 | *(p++)=i; | |
253 | if (i != 0) | |
254 | { | |
255 | + die(i <= sizeof s->session->session_id); | |
256 | memcpy(p,s->session->session_id,i); | |
257 | p+=i; | |
258 | } | |
259 | @@ -572,6 +574,14 @@ | |
260 | ||
261 | /* get the session-id */ | |
262 | j= *(p++); | |
263 | + | |
264 | + if(j > sizeof s->session->session_id) | |
265 | + { | |
266 | + al=SSL_AD_ILLEGAL_PARAMETER; | |
267 | + SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, | |
268 | + SSL_R_SSL3_SESSION_ID_TOO_LONG); | |
269 | + goto f_err; | |
270 | + } | |
271 | ||
272 | if ((j != 0) && (j != SSL3_SESSION_ID_SIZE)) | |
273 | { | |
274 | --- ssl/ssl.h.orig Mon Dec 17 12:24:39 2001 | |
275 | +++ ssl/ssl.h Fri Jul 26 11:36:19 2002 | |
276 | @@ -1423,6 +1423,7 @@ | |
277 | #define SSL_R_INVALID_COMMAND 280 | |
278 | #define SSL_R_INVALID_PURPOSE 278 | |
279 | #define SSL_R_INVALID_TRUST 279 | |
280 | +#define SSL_R_KEY_ARG_TOO_LONG 1112 | |
281 | #define SSL_R_LENGTH_MISMATCH 159 | |
282 | #define SSL_R_LENGTH_TOO_SHORT 160 | |
283 | #define SSL_R_LIBRARY_BUG 274 | |
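Review bot: `SSL_R_KEY_ARG_TOO_LONG` is given the value 1112, and `SSL_R_SSL3_SESSION_ID_TOO_LONG` in the next hunk gets 1113, which puts both in the 1000-and-up range that the visible context lines use for alert reasons (`SSL_R_SSLV3_ALERT_BAD_CERTIFICATE 1042`, `SSL_R_SSLV3_ALERT_BAD_RECORD_MAC 1020`). Their alphabetical neighbours all use small sequential numbers instead. If that upper range is reserved for codes derived from alert numbers, these two could collide with an alert reason added later; I would allocate them from the ordinary sequence, e.g. `#define SSL_R_KEY_ARG_TOO_LONG <next free reason code>`. The full list is outside the hunk, so the free values need to be checked there.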
284 | @@ -1491,6 +1492,7 @@ | |
285 | #define SSL_R_SHORT_READ 219 | |
286 | #define SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE 220 | |
287 | #define SSL_R_SSL23_DOING_SESSION_ID_REUSE 221 | |
288 | +#define SSL_R_SSL3_SESSION_ID_TOO_LONG 1113 | |
289 | #define SSL_R_SSL3_SESSION_ID_TOO_SHORT 222 | |
290 | #define SSL_R_SSLV3_ALERT_BAD_CERTIFICATE 1042 | |
291 | #define SSL_R_SSLV3_ALERT_BAD_RECORD_MAC 1020 | |
292 | --- ssl/ssl_asn1.c.orig Thu Jun 1 16:19:19 2000 | |
293 | +++ ssl/ssl_asn1.c Fri Jul 26 11:37:53 2002 | |
294 | @@ -62,6 +62,7 @@ | |
295 | #include <openssl/objects.h> | |
296 | #include <openssl/x509.h> | |
297 | #include "ssl_locl.h" | |
298 | +#include "cryptlib.h" | |
299 | ||
300 | typedef struct ssl_session_asn1_st | |
301 | { | |
302 | @@ -275,6 +276,7 @@ | |
303 | os.length=i; | |
304 | ||
305 | ret->session_id_length=os.length; | |
306 | + die(os.length <= sizeof ret->session_id); | |
307 | memcpy(ret->session_id,os.data,os.length); | |
308 | ||
309 | M_ASN1_D2I_get(osp,d2i_ASN1_OCTET_STRING); | |
310 | --- ssl/ssl_err.c.orig Fri Nov 9 18:15:29 2001 | |
311 | +++ ssl/ssl_err.c Fri Jul 26 11:39:21 2002 | |
312 | @@ -1,6 +1,6 @@ | |
313 | /* ssl/ssl_err.c */ | |
314 | /* ==================================================================== | |
315 | - * Copyright (c) 1999 The OpenSSL Project. All rights reserved. | |
316 | + * Copyright (c) 1999-2002 The OpenSSL Project. All rights reserved. | |
317 | * | |
318 | * Redistribution and use in source and binary forms, with or without | |
319 | * modification, are permitted provided that the following conditions | |
320 | @@ -275,6 +275,7 @@ | |
321 | {SSL_R_INVALID_COMMAND ,"invalid command"}, | |
322 | {SSL_R_INVALID_PURPOSE ,"invalid purpose"}, | |
323 | {SSL_R_INVALID_TRUST ,"invalid trust"}, | |
324 | +{SSL_R_KEY_ARG_TOO_LONG ,"key arg too long"}, | |
325 | {SSL_R_LENGTH_MISMATCH ,"length mismatch"}, | |
326 | {SSL_R_LENGTH_TOO_SHORT ,"length too short"}, | |
327 | {SSL_R_LIBRARY_BUG ,"library bug"}, | |
328 | @@ -343,6 +344,7 @@ | |
329 | {SSL_R_SHORT_READ ,"short read"}, | |
330 | {SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE,"signature for non signing certificate"}, | |
331 | {SSL_R_SSL23_DOING_SESSION_ID_REUSE ,"ssl23 doing session id reuse"}, | |
332 | +{SSL_R_SSL3_SESSION_ID_TOO_LONG ,"ssl3 session id too long"}, | |
333 | {SSL_R_SSL3_SESSION_ID_TOO_SHORT ,"ssl3 session id too short"}, | |
334 | {SSL_R_SSLV3_ALERT_BAD_CERTIFICATE ,"sslv3 alert bad certificate"}, | |
335 | {SSL_R_SSLV3_ALERT_BAD_RECORD_MAC ,"sslv3 alert bad record mac"}, | |
336 | --- ssl/ssl_sess.c.orig Wed Nov 29 11:12:32 2000 | |
337 | +++ ssl/ssl_sess.c Fri Jul 26 10:43:56 2002 | |
338 | @@ -60,6 +60,7 @@ | |
339 | #include <openssl/lhash.h> | |
340 | #include <openssl/rand.h> | |
341 | #include "ssl_locl.h" | |
342 | +#include "cryptlib.h" | |
343 | ||
344 | static void SSL_SESSION_list_remove(SSL_CTX *ctx, SSL_SESSION *s); | |
345 | static void SSL_SESSION_list_add(SSL_CTX *ctx,SSL_SESSION *s); | |
346 | @@ -199,6 +200,7 @@ | |
347 | ss->session_id_length=0; | |
348 | } | |
349 | ||
350 | + die(s->sid_ctx_length <= sizeof ss->sid_ctx); | |
351 | memcpy(ss->sid_ctx,s->sid_ctx,s->sid_ctx_length); | |
352 | ss->sid_ctx_length=s->sid_ctx_length; | |
353 | s->session=ss; | |
354 | --- ssl/s3_srvr.c.orig Thu Oct 25 02:18:56 2001 | |
355 | +++ ssl/s3_srvr.c Fri Jul 26 11:27:08 2002 | |
356 | @@ -122,6 +122,7 @@ | |
357 | #include <openssl/evp.h> | |
358 | #include <openssl/x509.h> | |
359 | #include "ssl_locl.h" | |
360 | +#include "cryptlib.h" | |
361 | ||
362 | static SSL_METHOD *ssl3_get_server_method(int ver); | |
363 | static int ssl3_get_client_hello(SSL *s); | |
364 | @@ -942,6 +943,7 @@ | |
365 | s->session->session_id_length=0; | |
366 | ||
367 | sl=s->session->session_id_length; | |
368 | + die(sl <= sizeof s->session->session_id); | |
369 | *(p++)=sl; | |
370 | memcpy(p,s->session->session_id,sl); | |
371 | p+=sl; |