aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJacques Vidrine <nectar@FreeBSD.org>2003-10-03 20:24:59 +0000
committerJacques Vidrine <nectar@FreeBSD.org>2003-10-03 20:24:59 +0000
commitd3ef18af696c31b39273d15f1d78d8b46b1d81f3 (patch)
treef24470cccf0f3ce7806c33e6cb7845d61f6ebe10
parent23df981d6679d9b93784b7e048cb00d56f97cb5c (diff)
downloadsrc-d3ef18af696c31b39273d15f1d78d8b46b1d81f3.tar.gz
src-d3ef18af696c31b39273d15f1d78d8b46b1d81f3.zip
Correct vulnerabilities in OpenSSL ASN.1 parsing.
Obtained from: openssl.org CVS
Notes
Notes: svn path=/releng/5.0/; revision=120712
-rw-r--r--UPDATING3
-rw-r--r--crypto/openssl/crypto/asn1/asn1_lib.c2
-rw-r--r--crypto/openssl/crypto/x509/x509_vfy.c2
-rw-r--r--crypto/openssl/ssl/s3_srvr.c9
-rw-r--r--sys/conf/newvers.sh2
5 files changed, 12 insertions, 6 deletions
diff --git a/UPDATING b/UPDATING
index 480cb6fc451a..eb83571ab4dd 100644
--- a/UPDATING
+++ b/UPDATING
@@ -17,6 +17,9 @@ minimal number of processes, if possible, for that patch. For those
updates that don't have an advisory, or to be safe, you can do a full
build and install as described in the COMMON ITEMS section.
+20031003: p18 FreeBSD-SA-03:18.openssl
+ Corrected vulnerabilities in OpenSSL ASN.1 parsing.
+
20031003: p17 FreeBSD-SA-03:17.procfs
Correct integer underflows/overflows in procfs(5) and linprocfs(5).
diff --git a/crypto/openssl/crypto/asn1/asn1_lib.c b/crypto/openssl/crypto/asn1/asn1_lib.c
index e4a56a926af7..6e49624718e7 100644
--- a/crypto/openssl/crypto/asn1/asn1_lib.c
+++ b/crypto/openssl/crypto/asn1/asn1_lib.c
@@ -104,10 +104,12 @@ int ASN1_get_object(unsigned char **pp, long *plength, int *ptag, int *pclass,
l<<=7L;
l|= *(p++)&0x7f;
if (--max == 0) goto err;
+ if (l > (INT_MAX >> 7L)) goto err;
}
l<<=7L;
l|= *(p++)&0x7f;
tag=(int)l;
+ if (--max == 0) goto err;
}
else
{
diff --git a/crypto/openssl/crypto/x509/x509_vfy.c b/crypto/openssl/crypto/x509/x509_vfy.c
index 9ad9276ff76b..1d14401a8b41 100644
--- a/crypto/openssl/crypto/x509/x509_vfy.c
+++ b/crypto/openssl/crypto/x509/x509_vfy.c
@@ -490,7 +490,7 @@ static int internal_verify(X509_STORE_CTX *ctx)
ok=(*cb)(0,ctx);
if (!ok) goto end;
}
- if (X509_verify(xs,pkey) <= 0)
+ else if (X509_verify(xs,pkey) <= 0)
{
ctx->error=X509_V_ERR_CERT_SIGNATURE_FAILURE;
ctx->current_cert=xs;
diff --git a/crypto/openssl/ssl/s3_srvr.c b/crypto/openssl/ssl/s3_srvr.c
index 88168dfcc455..a11516fc81f7 100644
--- a/crypto/openssl/ssl/s3_srvr.c
+++ b/crypto/openssl/ssl/s3_srvr.c
@@ -420,10 +420,11 @@ int ssl3_accept(SSL *s)
if (ret == 2)
s->state = SSL3_ST_SR_CLNT_HELLO_C;
else {
- /* could be sent for a DH cert, even if we
- * have not asked for it :-) */
- ret=ssl3_get_client_certificate(s);
- if (ret <= 0) goto end;
+ if (s->s3->tmp.cert_request)
+ {
+ ret=ssl3_get_client_certificate(s);
+ if (ret <= 0) goto end;
+ }
s->init_num=0;
s->state=SSL3_ST_SR_KEY_EXCH_A;
}
diff --git a/sys/conf/newvers.sh b/sys/conf/newvers.sh
index a696e7efef2a..75832125cb81 100644
--- a/sys/conf/newvers.sh
+++ b/sys/conf/newvers.sh
@@ -36,7 +36,7 @@
TYPE="FreeBSD"
REVISION="5.0"
-BRANCH="RELEASE-p17"
+BRANCH="RELEASE-p18"
RELEASE="${REVISION}-${BRANCH}"
VERSION="${TYPE} ${RELEASE}"