diff options
| author | Jacques Vidrine <nectar@FreeBSD.org> | 2003-10-03 20:24:59 +0000 |
|---|---|---|
| committer | Jacques Vidrine <nectar@FreeBSD.org> | 2003-10-03 20:24:59 +0000 |
| commit | d28ce3879bc9bbe07c5b218407807157a05ade81 (patch) | |
| tree | 0e573cb15e3dab13eff69802d5f47d6e76c8769e | |
| parent | 5b0811458aa73c87058a6805acb73faebe8d6091 (diff) | |
| download | src-test2-d28ce3879bc9bbe07c5b218407807157a05ade81.tar.gz src-test2-d28ce3879bc9bbe07c5b218407807157a05ade81.zip | |
Correct vulnerabilities in OpenSSL ASN.1 parsing.
Obtained from: openssl.org CVS
Notes
Notes:
svn path=/releng/4.7/; revision=120712
| -rw-r--r-- | UPDATING | 3 | ||||
| -rw-r--r-- | crypto/openssl/crypto/asn1/asn1_lib.c | 2 | ||||
| -rw-r--r-- | crypto/openssl/crypto/x509/x509_vfy.c | 2 | ||||
| -rw-r--r-- | crypto/openssl/ssl/s3_srvr.c | 9 | ||||
| -rw-r--r-- | sys/conf/newvers.sh | 2 |
5 files changed, 12 insertions, 6 deletions
@@ -17,6 +17,9 @@ minimal number of processes, if possible, for that patch. For those updates that don't have an advisory, or to be safe, you can do a full build and install as described in the COMMON ITEMS section. +20031003: p23 FreeBSD-SA-03:18.openssl + Corrected vulnerabilities in OpenSSL ASN.1 parsing. + 20031003: p22 FreeBSD-SA-03:17.procfs Correct integer underflows/overflows in procfs(5) and linprocfs(5). diff --git a/crypto/openssl/crypto/asn1/asn1_lib.c b/crypto/openssl/crypto/asn1/asn1_lib.c index e4a56a926af7..6e49624718e7 100644 --- a/crypto/openssl/crypto/asn1/asn1_lib.c +++ b/crypto/openssl/crypto/asn1/asn1_lib.c @@ -104,10 +104,12 @@ int ASN1_get_object(unsigned char **pp, long *plength, int *ptag, int *pclass, l<<=7L; l|= *(p++)&0x7f; if (--max == 0) goto err; + if (l > (INT_MAX >> 7L)) goto err; } l<<=7L; l|= *(p++)&0x7f; tag=(int)l; + if (--max == 0) goto err; } else { diff --git a/crypto/openssl/crypto/x509/x509_vfy.c b/crypto/openssl/crypto/x509/x509_vfy.c index 9ad9276ff76b..1d14401a8b41 100644 --- a/crypto/openssl/crypto/x509/x509_vfy.c +++ b/crypto/openssl/crypto/x509/x509_vfy.c @@ -490,7 +490,7 @@ static int internal_verify(X509_STORE_CTX *ctx) ok=(*cb)(0,ctx); if (!ok) goto end; } - if (X509_verify(xs,pkey) <= 0) + else if (X509_verify(xs,pkey) <= 0) { ctx->error=X509_V_ERR_CERT_SIGNATURE_FAILURE; ctx->current_cert=xs; diff --git a/crypto/openssl/ssl/s3_srvr.c b/crypto/openssl/ssl/s3_srvr.c index 88168dfcc455..a11516fc81f7 100644 --- a/crypto/openssl/ssl/s3_srvr.c +++ b/crypto/openssl/ssl/s3_srvr.c @@ -420,10 +420,11 @@ int ssl3_accept(SSL *s) if (ret == 2) s->state = SSL3_ST_SR_CLNT_HELLO_C; else { - /* could be sent for a DH cert, even if we - * have not asked for it :-) */ - ret=ssl3_get_client_certificate(s); - if (ret <= 0) goto end; + if (s->s3->tmp.cert_request) + { + ret=ssl3_get_client_certificate(s); + if (ret <= 0) goto end; + } s->init_num=0; s->state=SSL3_ST_SR_KEY_EXCH_A; } diff --git a/sys/conf/newvers.sh b/sys/conf/newvers.sh index 7d417991cf6b..a329325eb442 100644 --- a/sys/conf/newvers.sh +++ b/sys/conf/newvers.sh @@ -36,7 +36,7 @@ TYPE="FreeBSD" REVISION="4.7" -BRANCH="RELEASE-p22" +BRANCH="RELEASE-p23" RELEASE="${REVISION}-${BRANCH}" VERSION="${TYPE} ${RELEASE}" |