- missing fixes for ASN.1
[packages/openssl.git] / openssl-0.9.6c-security.patch
1 --- crypto/cryptlib.c.orig      Fri Nov 23 13:57:59 2001
2 +++ crypto/cryptlib.c   Fri Jul 26 10:43:56 2002
3 @@ -491,3 +491,11 @@
4  #endif
5  
6  #endif
7 +
8 +void OpenSSLDie(const char *file,int line,const char *assertion)
9 +    {
10 +    fprintf(stderr,"%s(%d): OpenSSL internal error, assertion failed: %s\n",
11 +           file,line,assertion);
12 +    abort();
13 +    }
14 +
15 --- crypto/cryptlib.h.orig      Tue May  2 06:35:04 2000
16 +++ crypto/cryptlib.h   Fri Jul 26 10:43:56 2002
17 @@ -89,6 +89,14 @@
18  #define X509_CERT_DIR_EVP        "SSL_CERT_DIR"
19  #define X509_CERT_FILE_EVP       "SSL_CERT_FILE"
20  
21 +/* size of string represenations */
22 +#define DECIMAL_SIZE(type)     ((sizeof(type)*8+2)/3+1)
23 +#define HEX_SIZE(type)         ((sizeof(type)*2)
24 +
25 +/* die if we have to */
26 +void OpenSSLDie(const char *file,int line,const char *assertion);
27 +#define die(e) ((e) ? (void)0 : OpenSSLDie(__FILE__, __LINE__, #e))
28 +
29  #ifdef  __cplusplus
30  }
31  #endif
32 --- crypto/asn1/asn1_lib.c.orig Fri Mar 30 06:42:32 2001
33 +++ crypto/asn1/asn1_lib.c      Fri Jul 26 10:43:56 2002
34 @@ -124,15 +124,13 @@
35                 (int)(omax+ *pp));
36  
37  #endif
38 -#if 0
39 -       if ((p+ *plength) > (omax+ *pp))
40 +       if (*plength > (omax - (*pp - p)))
41                 {
42                 ASN1err(ASN1_F_ASN1_GET_OBJECT,ASN1_R_TOO_LONG);
43                 /* Set this so that even if things are not long enough
44                  * the values are set correctly */
45                 ret|=0x80;
46                 }
47 -#endif
48         *pp=p;
49         return(ret|inf);
50  err:
51 @@ -159,6 +157,8 @@
52                 i= *p&0x7f;
53                 if (*(p++) & 0x80)
54                         {
55 +                       if (i > sizeof(long))
56 +                               return 0;
57                         if (max-- == 0) return(0);
58                         while (i-- > 0)
59                                 {
60 @@ -170,6 +170,8 @@
61                 else
62                         ret=i;
63                 }
64 +       if (ret < 0)
65 +               return 0;
66         *pp=p;
67         *rl=ret;
68         return(1);
69 @@ -407,7 +407,7 @@
70  
71  void asn1_add_error(unsigned char *address, int offset)
72         {
73 -       char buf1[16],buf2[16];
74 +       char buf1[DECIMAL_SIZE(address)+1],buf2[DECIMAL_SIZE(offset)+1];
75  
76         sprintf(buf1,"%lu",(unsigned long)address);
77         sprintf(buf2,"%d",offset);
78 --- crypto/conf/conf_def.c.orig Tue Jun  6 09:21:12 2000
79 +++ crypto/conf/conf_def.c      Fri Jul 26 10:43:56 2002
80 @@ -67,6 +67,7 @@
81  #include "conf_def.h"
82  #include <openssl/buffer.h>
83  #include <openssl/err.h>
84 +#include "cryptlib.h"
85  
86  static char *eat_ws(CONF *conf, char *p);
87  static char *eat_alpha_numeric(CONF *conf, char *p);
88 @@ -180,12 +181,12 @@
89  static int def_load(CONF *conf, BIO *in, long *line)
90         {
91  #define BUFSIZE        512
92 -       char btmp[16];
93         int bufnum=0,i,ii;
94         BUF_MEM *buff=NULL;
95         char *s,*p,*end;
96         int again,n;
97         long eline=0;
98 +       char btmp[DECIMAL_SIZE(eline)+1];
99         CONF_VALUE *v=NULL,*tv;
100         CONF_VALUE *sv=NULL;
101         char *section=NULL,*buf;
102 --- crypto/objects/obj_dat.c.orig       Mon Sep  4 09:34:35 2000
103 +++ crypto/objects/obj_dat.c    Fri Jul 26 10:43:56 2002
104 @@ -428,7 +428,7 @@
105         unsigned long l;
106         unsigned char *p;
107         const char *s;
108 -       char tbuf[32];
109 +       char tbuf[DECIMAL_SIZE(i)+DECIMAL_SIZE(l)+2];
110  
111         if (buf_len <= 0) return(0);
112  
113 --- ssl/s2_clnt.c.orig  Sat Nov 10 03:43:51 2001
114 +++ ssl/s2_clnt.c       Fri Jul 26 10:43:56 2002
115 @@ -116,6 +116,7 @@
116  #include <openssl/buffer.h>
117  #include <openssl/objects.h>
118  #include <openssl/evp.h>
119 +#include "cryptlib.h"
120  
121  static SSL_METHOD *ssl2_get_client_method(int ver);
122  static int get_server_finished(SSL *s);
123 @@ -517,6 +518,7 @@
124                 }
125                 
126         s->s2->conn_id_length=s->s2->tmp.conn_id_length;
127 +       die(s->s2->conn_id_length <= sizeof s->s2->conn_id);
128         memcpy(s->s2->conn_id,p,s->s2->tmp.conn_id_length);
129         return(1);
130         }
131 @@ -618,6 +620,7 @@
132                 /* make key_arg data */
133                 i=EVP_CIPHER_iv_length(c);
134                 sess->key_arg_length=i;
135 +               die(i <= SSL_MAX_KEY_ARG_LENGTH);
136                 if (i > 0) RAND_pseudo_bytes(sess->key_arg,i);
137  
138                 /* make a master key */
139 @@ -625,6 +628,7 @@
140                 sess->master_key_length=i;
141                 if (i > 0)
142                         {
143 +                       die(i <= sizeof sess->master_key);
144                         if (RAND_bytes(sess->master_key,i) <= 0)
145                                 {
146                                 ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
147 @@ -668,6 +672,7 @@
148                 d+=enc;
149                 karg=sess->key_arg_length;      
150                 s2n(karg,p); /* key arg size */
151 +               die(karg <= sizeof sess->key_arg);
152                 memcpy(d,sess->key_arg,(unsigned int)karg);
153                 d+=karg;
154  
155 @@ -688,6 +693,7 @@
156                 {
157                 p=(unsigned char *)s->init_buf->data;
158                 *(p++)=SSL2_MT_CLIENT_FINISHED;
159 +               die(s->s2->conn_id_length <= sizeof s->s2->conn_id);
160                 memcpy(p,s->s2->conn_id,(unsigned int)s->s2->conn_id_length);
161  
162                 s->state=SSL2_ST_SEND_CLIENT_FINISHED_B;
163 @@ -944,6 +950,8 @@
164                 {
165                 if (!(s->options & SSL_OP_MICROSOFT_SESS_ID_BUG))
166                         {
167 +                       die(s->session->session_id_length
168 +                           <= sizeof s->session->session_id);
169                         if (memcmp(buf,s->session->session_id,
170                                 (unsigned int)s->session->session_id_length) != 0)
171                                 {
172 --- ssl/s2_lib.c.orig   Tue Dec 26 05:06:47 2000
173 +++ ssl/s2_lib.c        Fri Jul 26 10:52:20 2002
174 @@ -62,6 +62,7 @@
175  #include <openssl/rsa.h>
176  #include <openssl/objects.h>
177  #include <openssl/md5.h>
178 +#include "cryptlib.h"
179  
180  static long ssl2_default_timeout(void );
181  const char *ssl2_version_str="SSLv2" OPENSSL_VERSION_PTEXT;
182 @@ -425,10 +426,14 @@
183  #endif
184  
185         km=s->s2->key_material;
186 +       die(s->s2->key_material_length <= sizeof s->s2->key_material);
187         for (i=0; i<s->s2->key_material_length; i+=MD5_DIGEST_LENGTH)
188                 {
189                 MD5_Init(&ctx);
190 -
191 +               
192 +               die(s->session->master_key_length >= 0
193 +                   && s->session->master_key_length
194 +                   < sizeof s->session->master_key);
195                 MD5_Update(&ctx,s->session->master_key,s->session->master_key_length);
196                 MD5_Update(&ctx,&c,1);
197                 c++;
198 @@ -463,6 +468,7 @@
199  /*     state=s->rwstate;*/
200         error=s->error;
201         s->error=0;
202 +       die(error >= 0 && error <= 3);
203         i=ssl2_write(s,&(buf[3-error]),error);
204  /*     if (i == error) s->rwstate=state; */
205  
206 --- ssl/s2_srvr.c.orig  Wed Nov 14 14:19:47 2001
207 +++ ssl/s2_srvr.c       Fri Jul 26 10:43:56 2002
208 @@ -116,6 +116,7 @@
209  #include <openssl/rand.h>
210  #include <openssl/objects.h>
211  #include <openssl/evp.h>
212 +#include "cryptlib.h"
213  
214  static SSL_METHOD *ssl2_get_server_method(int ver);
215  static int get_client_master_key(SSL *s);
216 @@ -417,11 +418,18 @@
217                 n2s(p,i); s->s2->tmp.clear=i;
218                 n2s(p,i); s->s2->tmp.enc=i;
219                 n2s(p,i); s->session->key_arg_length=i;
220 +               if(s->session->key_arg_length > SSL_MAX_KEY_ARG_LENGTH)
221 +                       {
222 +                       SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,
223 +                                  SSL_R_KEY_ARG_TOO_LONG);
224 +                       return -1;
225 +                       }
226                 s->state=SSL2_ST_GET_CLIENT_MASTER_KEY_B;
227                 }
228  
229         /* SSL2_ST_GET_CLIENT_MASTER_KEY_B */
230         p=(unsigned char *)s->init_buf->data;
231 +       die(s->init_buf->length >= SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER);
232         keya=s->session->key_arg_length;
233         len = 10 + (unsigned long)s->s2->tmp.clear + (unsigned long)s->s2->tmp.enc + (unsigned long)keya;
234         if (len > SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER)
235 @@ -502,6 +510,7 @@
236  #endif
237  
238         if (is_export) i+=s->s2->tmp.clear;
239 +       die(i <= SSL_MAX_MASTER_KEY_LENGTH);
240         s->session->master_key_length=i;
241         memcpy(s->session->master_key,p,(unsigned int)i);
242         return(1);
243 @@ -649,6 +658,7 @@
244         p+=s->s2->tmp.session_id_length;
245  
246         /* challenge */
247 +       die(s->s2->challenge_length <= sizeof s->s2->challenge);
248         memcpy(s->s2->challenge,p,(unsigned int)s->s2->challenge_length);
249         return(1);
250  mem_err:
251 @@ -800,6 +810,7 @@
252                 }
253  
254         /* SSL2_ST_GET_CLIENT_FINISHED_B */
255 +       die(s->s2->conn_id_length <= sizeof s->s2->conn_id);
256         len = 1 + (unsigned long)s->s2->conn_id_length;
257         n = (int)len - s->init_num;
258         i = ssl2_read(s,(char *)&(p[s->init_num]),n);
259 @@ -825,6 +836,7 @@
260                 {
261                 p=(unsigned char *)s->init_buf->data;
262                 *(p++)=SSL2_MT_SERVER_VERIFY;
263 +               die(s->s2->challenge_length <= sizeof s->s2->challenge);
264                 memcpy(p,s->s2->challenge,(unsigned int)s->s2->challenge_length);
265                 /* p+=s->s2->challenge_length; */
266  
267 @@ -844,6 +856,8 @@
268                 p=(unsigned char *)s->init_buf->data;
269                 *(p++)=SSL2_MT_SERVER_FINISHED;
270  
271 +               die(s->session->session_id_length
272 +                   <= sizeof s->session->session_id);
273                 memcpy(p,s->session->session_id,
274                         (unsigned int)s->session->session_id_length);
275                 /* p+=s->session->session_id_length; */
276 --- ssl/s3_clnt.c.orig  Thu Oct 25 02:18:54 2001
277 +++ ssl/s3_clnt.c       Fri Jul 26 10:56:23 2002
278 @@ -64,6 +64,7 @@
279  #include <openssl/sha.h>
280  #include <openssl/evp.h>
281  #include "ssl_locl.h"
282 +#include "cryptlib.h"
283  
284  static SSL_METHOD *ssl3_get_client_method(int ver);
285  static int ssl3_client_hello(SSL *s);
286 @@ -492,6 +493,7 @@
287                 *(p++)=i;
288                 if (i != 0)
289                         {
290 +                       die(i <= sizeof s->session->session_id);
291                         memcpy(p,s->session->session_id,i);
292                         p+=i;
293                         }
294 @@ -572,6 +574,14 @@
295  
296         /* get the session-id */
297         j= *(p++);
298 +
299 +       if(j > sizeof s->session->session_id)
300 +               {
301 +               al=SSL_AD_ILLEGAL_PARAMETER;
302 +               SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,
303 +                      SSL_R_SSL3_SESSION_ID_TOO_LONG);
304 +               goto f_err;
305 +               }
306  
307         if ((j != 0) && (j != SSL3_SESSION_ID_SIZE))
308                 {
309 --- ssl/ssl.h.orig      Mon Dec 17 12:24:39 2001
310 +++ ssl/ssl.h   Fri Jul 26 11:36:19 2002
311 @@ -1423,6 +1423,7 @@
312  #define SSL_R_INVALID_COMMAND                           280
313  #define SSL_R_INVALID_PURPOSE                           278
314  #define SSL_R_INVALID_TRUST                             279
315 +#define SSL_R_KEY_ARG_TOO_LONG                          1112
316  #define SSL_R_LENGTH_MISMATCH                           159
317  #define SSL_R_LENGTH_TOO_SHORT                          160
318  #define SSL_R_LIBRARY_BUG                               274
319 @@ -1491,6 +1492,7 @@
320  #define SSL_R_SHORT_READ                                219
321  #define SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE     220
322  #define SSL_R_SSL23_DOING_SESSION_ID_REUSE              221
323 +#define SSL_R_SSL3_SESSION_ID_TOO_LONG                  1113
324  #define SSL_R_SSL3_SESSION_ID_TOO_SHORT                         222
325  #define SSL_R_SSLV3_ALERT_BAD_CERTIFICATE               1042
326  #define SSL_R_SSLV3_ALERT_BAD_RECORD_MAC                1020
327 --- ssl/ssl_asn1.c.orig Thu Jun  1 16:19:19 2000
328 +++ ssl/ssl_asn1.c      Fri Jul 26 11:37:53 2002
329 @@ -62,6 +62,7 @@
330  #include <openssl/objects.h>
331  #include <openssl/x509.h>
332  #include "ssl_locl.h"
333 +#include "cryptlib.h"
334  
335  typedef struct ssl_session_asn1_st
336         {
337 @@ -275,6 +276,7 @@
338                 os.length=i;
339  
340         ret->session_id_length=os.length;
341 +       die(os.length <= sizeof ret->session_id);
342         memcpy(ret->session_id,os.data,os.length);
343  
344         M_ASN1_D2I_get(osp,d2i_ASN1_OCTET_STRING);
345 --- ssl/ssl_err.c.orig  Fri Nov  9 18:15:29 2001
346 +++ ssl/ssl_err.c       Fri Jul 26 11:39:21 2002
347 @@ -1,6 +1,6 @@
348  /* ssl/ssl_err.c */
349  /* ====================================================================
350 - * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
351 + * Copyright (c) 1999-2002 The OpenSSL Project.  All rights reserved.
352   *
353   * Redistribution and use in source and binary forms, with or without
354   * modification, are permitted provided that the following conditions
355 @@ -275,6 +275,7 @@
356  {SSL_R_INVALID_COMMAND                   ,"invalid command"},
357  {SSL_R_INVALID_PURPOSE                   ,"invalid purpose"},
358  {SSL_R_INVALID_TRUST                     ,"invalid trust"},
359 +{SSL_R_KEY_ARG_TOO_LONG                  ,"key arg too long"},
360  {SSL_R_LENGTH_MISMATCH                   ,"length mismatch"},
361  {SSL_R_LENGTH_TOO_SHORT                  ,"length too short"},
362  {SSL_R_LIBRARY_BUG                       ,"library bug"},
363 @@ -343,6 +344,7 @@
364  {SSL_R_SHORT_READ                        ,"short read"},
365  {SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE,"signature for non signing certificate"},
366  {SSL_R_SSL23_DOING_SESSION_ID_REUSE      ,"ssl23 doing session id reuse"},
367 +{SSL_R_SSL3_SESSION_ID_TOO_LONG          ,"ssl3 session id too long"},
368  {SSL_R_SSL3_SESSION_ID_TOO_SHORT         ,"ssl3 session id too short"},
369  {SSL_R_SSLV3_ALERT_BAD_CERTIFICATE       ,"sslv3 alert bad certificate"},
370  {SSL_R_SSLV3_ALERT_BAD_RECORD_MAC        ,"sslv3 alert bad record mac"},
371 --- ssl/ssl_sess.c.orig Wed Nov 29 11:12:32 2000
372 +++ ssl/ssl_sess.c      Fri Jul 26 10:43:56 2002
373 @@ -60,6 +60,7 @@
374  #include <openssl/lhash.h>
375  #include <openssl/rand.h>
376  #include "ssl_locl.h"
377 +#include "cryptlib.h"
378  
379  static void SSL_SESSION_list_remove(SSL_CTX *ctx, SSL_SESSION *s);
380  static void SSL_SESSION_list_add(SSL_CTX *ctx,SSL_SESSION *s);
381 @@ -199,6 +200,7 @@
382                 ss->session_id_length=0;
383                 }
384  
385 +       die(s->sid_ctx_length <= sizeof ss->sid_ctx);
386         memcpy(ss->sid_ctx,s->sid_ctx,s->sid_ctx_length);
387         ss->sid_ctx_length=s->sid_ctx_length;
388         s->session=ss;
389 --- ssl/s3_srvr.c.orig  Thu Oct 25 02:18:56 2001
390 +++ ssl/s3_srvr.c       Fri Jul 26 11:27:08 2002
391 @@ -122,6 +122,7 @@
392  #include <openssl/evp.h>
393  #include <openssl/x509.h>
394  #include "ssl_locl.h"
395 +#include "cryptlib.h"
396  
397  static SSL_METHOD *ssl3_get_server_method(int ver);
398  static int ssl3_get_client_hello(SSL *s);
399 @@ -942,6 +943,7 @@
400                         s->session->session_id_length=0;
401  
402                 sl=s->session->session_id_length;
403 +               die(sl <= sizeof s->session->session_id);
404                 *(p++)=sl;
405                 memcpy(p,s->session->session_id,sl);
406                 p+=sl;
This page took 0.093651 seconds and 3 git commands to generate.