1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
|
diff -cr openssl7/CHANGES ossl7/CHANGES
*** openssl7/CHANGES Thu Sep 4 12:52:10 2003
--- ossl7/CHANGES Mon Sep 29 21:26:37 2003
***************
*** 4,9 ****
--- 4,21 ----
Changes between 0.9.7b and 0.9.7c [xx XXX 2003]
+ *) Fix various bugs revealed by running the NISCC test suite:
+
+ Stop out of bounds reads in the ASN1 code when presented with
+ invalid tags (CAN-2003-0543 and CAN-2003-0544).
+
+ Free up ASN1_TYPE correctly if ANY type is invalid (CAN-2003-0545).
+
+ If verify callback ignores invalid public key errors don't try to check
+ certificate signature with the NULL public key.
+
+ [Steve Henson]
+
*) New -ignore_err option in ocsp application to stop the server
exiting on the first error in a request.
[Steve Henson]
***************
*** 1982,1987 ****
--- 1994,2009 ----
Changes between 0.9.6j and 0.9.6k [xx XXX 2003]
+ *) Fix various bugs revealed by running the NISCC test suite:
+
+ Stop out of bounds reads in the ASN1 code when presented with
+ invalid tags (CAN-2003-0543 and CAN-2003-0544).
+
+ If verify callback ignores invalid public key errors don't try to check
+ certificate signature with the NULL public key.
+
+ [Steve Henson]
+
*) In ssl3_accept() (ssl/s3_srvr.c) only accept a client certificate
if the server requested one: as stated in TLS 1.0 and SSL 3.0
specifications.
diff -cr openssl7/crypto/asn1/asn1_lib.c ossl7/crypto/asn1/asn1_lib.c
*** openssl7/crypto/asn1/asn1_lib.c Fri Aug 2 19:03:41 2002
--- ossl7/crypto/asn1/asn1_lib.c Mon Sep 29 21:26:37 2003
***************
*** 104,113 ****
--- 104,115 ----
l<<=7L;
l|= *(p++)&0x7f;
if (--max == 0) goto err;
+ if (l > (INT_MAX >> 7L)) goto err;
}
l<<=7L;
l|= *(p++)&0x7f;
tag=(int)l;
+ if (--max == 0) goto err;
}
else
{
diff -cr openssl7/crypto/asn1/tasn_dec.c ossl7/crypto/asn1/tasn_dec.c
*** openssl7/crypto/asn1/tasn_dec.c Tue Nov 12 13:21:26 2002
--- ossl7/crypto/asn1/tasn_dec.c Mon Sep 29 21:26:37 2003
***************
*** 691,696 ****
--- 691,697 ----
int asn1_ex_c2i(ASN1_VALUE **pval, unsigned char *cont, int len, int utype, char *free_cont, const ASN1_ITEM *it)
{
+ ASN1_VALUE **opval = NULL;
ASN1_STRING *stmp;
ASN1_TYPE *typ = NULL;
int ret = 0;
***************
*** 705,710 ****
--- 706,712 ----
*pval = (ASN1_VALUE *)typ;
} else typ = (ASN1_TYPE *)*pval;
if(utype != typ->type) ASN1_TYPE_set(typ, utype, NULL);
+ opval = pval;
pval = (ASN1_VALUE **)&typ->value.ptr;
}
switch(utype) {
***************
*** 796,802 ****
ret = 1;
err:
! if(!ret) ASN1_TYPE_free(typ);
return ret;
}
--- 798,809 ----
ret = 1;
err:
! if(!ret)
! {
! ASN1_TYPE_free(typ);
! if (opval)
! *opval = NULL;
! }
return ret;
}
diff -cr openssl7/crypto/x509/x509_vfy.c ossl7/crypto/x509/x509_vfy.c
*** openssl7/crypto/x509/x509_vfy.c Wed Jun 4 00:40:47 2003
--- ossl7/crypto/x509/x509_vfy.c Mon Sep 29 21:26:37 2003
***************
*** 674,680 ****
ok=(*cb)(0,ctx);
if (!ok) goto end;
}
! if (X509_verify(xs,pkey) <= 0)
/* XXX For the final trusted self-signed cert,
* this is a waste of time. That check should
* optional so that e.g. 'openssl x509' can be
--- 674,680 ----
ok=(*cb)(0,ctx);
if (!ok) goto end;
}
! else if (X509_verify(xs,pkey) <= 0)
/* XXX For the final trusted self-signed cert,
* this is a waste of time. That check should
* optional so that e.g. 'openssl x509' can be
|
