author | XZ-X <xu1415@purdue.edu> | 2024-07-22 20:33:02 +0200 |
---|---|---|
committer | Tomas Mraz <tomas@openssl.org> | 2024-08-20 11:45:14 +0200 |
commit | 391334dd8ca7374c17e0a616ff539c84ec99eddb (patch) | |
tree | a98a59f869290d6fec6192087a91ef1c6611e230 | |
parent | Enhance s_client Output (diff) | |
When calling ASN1_item_i2d () check both returned length and allocated pointer
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24979)
-rw-r--r-- | crypto/asn1/a_dup.c | 2 | ||||
-rw-r--r-- | crypto/asn1/a_i2d_fp.c | 2 | ||||
-rw-r--r-- | crypto/cms/cms_sd.c | 2 | ||||
-rw-r--r-- | crypto/pkcs7/pk7_attr.c | 4 | ||||
-rw-r--r-- | crypto/pkcs7/pk7_doit.c | 4 |
5 files changed, 9 insertions, 5 deletions
diff --git a/crypto/asn1/a_dup.c b/crypto/asn1/a_dup.c
index 23d1d63808..33dc3ff58e 100644
--- a/crypto/asn1/a_dup.c
+++ b/crypto/asn1/a_dup.c
@@ -75,7 +75,7 @@ void *ASN1_item_dup(const ASN1_ITEM *it, const void *x)
 }
 i = ASN1_item_i2d(x, &b, it);
- if (b == NULL) {
+ if (i < 0 || b == NULL) {
 ERR_raise(ERR_LIB_ASN1, ERR_R_ASN1_LIB);
 return NULL;
 }
diff --git a/crypto/asn1/a_i2d_fp.c b/crypto/asn1/a_i2d_fp.c
index e30f1f2a17..ccee6fccb0 100644
--- a/crypto/asn1/a_i2d_fp.c
+++ b/crypto/asn1/a_i2d_fp.c
@@ -88,7 +88,7 @@ int ASN1_item_i2d_bio(const ASN1_ITEM *it, BIO *out, const void *x)
 int i, j = 0, n, ret = 1;
 n = ASN1_item_i2d(x, &b, it);
- if (b == NULL) {
+ if (n < 0 || b == NULL) {
 ERR_raise(ERR_LIB_ASN1, ERR_R_ASN1_LIB);
 return 0;
 }
diff --git a/crypto/cms/cms_sd.c b/crypto/cms/cms_sd.c
index a76e795df5..a0badeb44d 100644
--- a/crypto/cms/cms_sd.c
+++ b/crypto/cms/cms_sd.c
@@ -862,7 +862,7 @@ int CMS_SignerInfo_sign(CMS_SignerInfo *si)
 alen = ASN1_item_i2d((ASN1_VALUE *)si->signedAttrs, &abuf, ASN1_ITEM_rptr(CMS_Attributes_Sign));
- if (!abuf)
+ if (alen < 0 || abuf == NULL)
 goto err;
 if (EVP_DigestSignUpdate(mctx, abuf, alen) <= 0)
 goto err;
diff --git a/crypto/pkcs7/pk7_attr.c b/crypto/pkcs7/pk7_attr.c
index a12d65bb8e..cef22365eb 100644
--- a/crypto/pkcs7/pk7_attr.c
+++ b/crypto/pkcs7/pk7_attr.c
@@ -28,6 +28,10 @@ int PKCS7_add_attrib_smimecap(PKCS7_SIGNER_INFO *si,
 }
 seq->length = ASN1_item_i2d((ASN1_VALUE *)cap, &seq->data, ASN1_ITEM_rptr(X509_ALGORS));
+ if (seq->length <= 0 || seq->data == NULL) {
+ ASN1_STRING_free(seq);
+ return 1;
+ }
 if (!PKCS7_add_signed_attribute(si, NID_SMIMECapabilities, V_ASN1_SEQUENCE, seq)) {
 ASN1_STRING_free(seq);
diff --git a/crypto/pkcs7/pk7_doit.c b/crypto/pkcs7/pk7_doit.c
index 4748d4207d..6a53d8912c 100644
--- a/crypto/pkcs7/pk7_doit.c
+++ b/crypto/pkcs7/pk7_doit.c
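Review bot: The guard in ASN1_item_dup, `if (i < 0 || b == NULL)`, rejects a zero return only indirectly through the pointer test, while the PKCS7 hunks of this same commit test `<= 0` directly; ASN1_item_i2d_bio in a_i2d_fp.c uses the same `n < 0` form. If an empty encoding is never valid at these call sites, `if (i <= 0 || b == NULL) {` would make all the checks agree. If zero is meant to be tolerated, a short comment above the test should say so, because ASN1_item_i2d's contract is not visible in these hunks. Both function bodies continue outside their hunks.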
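Review bot: The failure branch `if (alen < 0 || abuf == NULL) goto err;` in CMS_SignerInfo_sign puts nothing on the error queue, so a failed encoding of the signed attributes surfaces as a signing failure with no reason attached. PKCS7_SIGNER_INFO_sign in pk7_doit.c has the identical branch. PKCS7_signatureVerify in this commit calls `ERR_raise(ERR_LIB_PKCS7, ERR_R_ASN1_LIB);` before its `goto err`, and the signing paths could do the same (`ERR_raise(ERR_LIB_CMS, ERR_R_ASN1_LIB);` for the CMS one), unless the `err:` label, which lies outside the hunk, already raises it.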
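Review bot: The added failure branch in PKCS7_add_attrib_smimecap ends in `return 1;`, so when ASN1_item_i2d fails the function frees `seq` and returns what a caller would presumably read as success. The `!PKCS7_add_signed_attribute(...)` test just below suggests this API family uses non-zero for success, though the function's other return statements are outside the hunk. If that holds, signing would continue with the SMIMECapabilities attribute silently missing and nothing on the error queue. The branch should report the failure instead: `ERR_raise(ERR_LIB_PKCS7, ERR_R_ASN1_LIB);` after the `ASN1_STRING_free(seq);`, then `return 0;`.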
@@ -920,7 +920,7 @@ int PKCS7_SIGNER_INFO_sign(PKCS7_SIGNER_INFO *si)
 alen = ASN1_item_i2d((ASN1_VALUE *)si->auth_attr, &abuf, ASN1_ITEM_rptr(PKCS7_ATTR_SIGN));
- if (!abuf)
+ if (alen < 0 || abuf == NULL)
 goto err;
 if (EVP_DigestSignUpdate(mctx, abuf, alen) <= 0)
 goto err;
@@ -1102,7 +1102,7 @@ int PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si,
 alen = ASN1_item_i2d((ASN1_VALUE *)sk, &abuf, ASN1_ITEM_rptr(PKCS7_ATTR_VERIFY));
- if (alen <= 0) {
+ if (alen <= 0 || abuf == NULL) {
 ERR_raise(ERR_LIB_PKCS7, ERR_R_ASN1_LIB);
 ret = -1;
 goto err; |