author | Dr. David von Oheimb <David.von.Oheimb@siemens.com> | 2020-12-07 18:25:10 +0100 |
---|---|---|
committer | Dr. David von Oheimb <David.von.Oheimb@siemens.com> | 2020-12-10 15:19:55 +0100 |
commit | 98ba251fe6f49fc2ee310f6e559c3431922fa16d (patch) | |
tree | 2787fdf68a482df147536e9d6c1051c8289bd73e | |
parent | v2i_AUTHORITY_KEYID(): Correct out-of-memory behavior and avoid mem leaks (diff) | |
openssl_hexstr2buf_sep(): Prevent misleading 'malloc failure' errors on short input
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13614)
-rw-r--r-- | crypto/cpt_err.c | 2 | ||||
-rw-r--r-- | crypto/err/openssl.txt | 1 | ||||
-rw-r--r-- | crypto/o_str.c | 7 | ||||
-rw-r--r-- | include/crypto/cryptoerr.h | 2 | ||||
-rw-r--r-- | include/openssl/cryptoerr.h | 1 |
5 files changed, 11 insertions, 2 deletions
diff --git a/crypto/cpt_err.c b/crypto/cpt_err.c
index 7aa5416720..65fb429c58 100644
--- a/crypto/cpt_err.c
+++ b/crypto/cpt_err.c
@@ -21,6 +21,8 @@ static const ERR_STRING_DATA CRYPTO_str_reasons[] = {
 "conflicting names"},
 {ERR_PACK(ERR_LIB_CRYPTO, 0, CRYPTO_R_FIPS_MODE_NOT_SUPPORTED),
 "fips mode not supported"},
+ {ERR_PACK(ERR_LIB_CRYPTO, 0, CRYPTO_R_HEX_STRING_TOO_SHORT),
+ "hex string too short"},
 {ERR_PACK(ERR_LIB_CRYPTO, 0, CRYPTO_R_ILLEGAL_HEX_DIGIT),
 "illegal hex digit"},
 {ERR_PACK(ERR_LIB_CRYPTO, 0, CRYPTO_R_INSUFFICIENT_DATA_SPACE),
diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt
index 273400e3c4..60f343eb7d 100644
--- a/crypto/err/openssl.txt
+++ b/crypto/err/openssl.txt
@@ -2318,6 +2318,7 @@ CRMF_R_UNSUPPORTED_POPO_METHOD:116:unsupported popo method
 CRYPTO_R_BAD_ALGORITHM_NAME:117:bad algorithm name
 CRYPTO_R_CONFLICTING_NAMES:118:conflicting names
 CRYPTO_R_FIPS_MODE_NOT_SUPPORTED:101:fips mode not supported
+CRYPTO_R_HEX_STRING_TOO_SHORT:121:hex string too short
 CRYPTO_R_ILLEGAL_HEX_DIGIT:102:illegal hex digit
 CRYPTO_R_INSUFFICIENT_DATA_SPACE:106:insufficient data space
 CRYPTO_R_INSUFFICIENT_PARAM_SIZE:107:insufficient param size
diff --git a/crypto/o_str.c b/crypto/o_str.c
index 142ac4ba44..dbecf4841c 100644
--- a/crypto/o_str.c
+++ b/crypto/o_str.c
@@ -187,7 +187,12 @@ unsigned char *openssl_hexstr2buf_sep(const char *str, long *buflen,
 unsigned char *buf;
 size_t buf_n, tmp_buflen;
- buf_n = strlen(str) >> 1;
+ buf_n = strlen(str);
+ if (buf_n <= 1) {
+ ERR_raise(ERR_LIB_CRYPTO, CRYPTO_R_HEX_STRING_TOO_SHORT);
+ return NULL;
+ }
+ buf_n /= 2;
 if ((buf = OPENSSL_malloc(buf_n)) == NULL) {
 ERR_raise(ERR_LIB_CRYPTO, ERR_R_MALLOC_FAILURE);
 return NULL;
diff --git a/include/crypto/cryptoerr.h b/include/crypto/cryptoerr.h
index 81af1ed558..419ca1aac1 100644
--- a/include/crypto/cryptoerr.h
+++ b/include/crypto/cryptoerr.h
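Review bot: The new `buf_n <= 1` guard in openssl_hexstr2buf_sep() (crypto/o_str.c hunk) carries no comment explaining why lengths 0 and 1 are rejected, and it makes an empty string an explicit error rather than an empty buffer, which callers need to know. I would add above the check `/* fewer than two characters cannot encode one byte; reject here so a zero-size allocation is not reported as a malloc failure */`. The guard bounds only the raw string length, so if the `_sep` variant accepts separator characters, as its name suggests, an input of two or more separators still reaches the allocation; whether that is then rejected depends on parsing code outside this hunk. The diffstat lists no test file, so a regression test pinning CRYPTO_R_HEX_STRING_TOO_SHORT for empty and one-character input would be worth adding. The function body starts before and continues past the hunk.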
@@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2020-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/include/openssl/cryptoerr.h b/include/openssl/cryptoerr.h index 971ae122b9..c7371124aa 100644 --- a/include/openssl/cryptoerr.h +++ b/include/openssl/cryptoerr.h @@ -78,6 +78,7 @@ # define CRYPTO_R_BAD_ALGORITHM_NAME 117 # define CRYPTO_R_CONFLICTING_NAMES 118 # define CRYPTO_R_FIPS_MODE_NOT_SUPPORTED 101 +# define CRYPTO_R_HEX_STRING_TOO_SHORT 121 # define CRYPTO_R_ILLEGAL_HEX_DIGIT 102 # define CRYPTO_R_INSUFFICIENT_DATA_SPACE 106 # define CRYPTO_R_INSUFFICIENT_PARAM_SIZE 107 |