YaSSL cert info buffer overflow fix
Apply a diff from [Yassl-commit] yassl/taocrypt/src asn.cpp,1.13,1.14 [Yassl-commit] yassl/taocrypt/include asn.hpp,1.9,1.10 Original patch http://lists.mysql.com/commits/96697 extra/yassl/taocrypt/include/asn.hpp: [Yassl-commit] yassl/taocrypt/include asn.hpp,1.9,1.10 extra/yassl/taocrypt/src/asn.cpp: [Yassl-commit] yassl/taocrypt/src asn.cpp,1.13,1.14
This commit is contained in:
Sergei Golubchik
parent
9308987362
commit
0d09e3a55f
@ -305,6 +305,7 @@ private:
|
|||||||
bool ValidateSignature(SignerList*);
|
bool ValidateSignature(SignerList*);
|
||||||
bool ConfirmSignature(Source&);
|
bool ConfirmSignature(Source&);
|
||||||
void GetKey();
|
void GetKey();
|
||||||
|
char* AddTag(char*, const char*, const char*, word32, word32);
|
||||||
void GetName(NameType);
|
void GetName(NameType);
|
||||||
void GetValidity();
|
void GetValidity();
|
||||||
void GetDate(DateType);
|
void GetDate(DateType);
|
||||||
|
|||||||
@ -652,6 +652,25 @@ word32 CertDecoder::GetDigest()
|
|||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
// memory length checked add tag to buffer
|
||||||
|
char* CertDecoder::AddTag(char* ptr, const char* buf_end, const char* tag_name,
|
||||||
|
word32 tag_name_length, word32 tag_value_length)
|
||||||
|
{
|
||||||
|
if (ptr + tag_name_length + tag_value_length > buf_end) {
|
||||||
|
source_.SetError(CONTENT_E);
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
memcpy(ptr, tag_name, tag_name_length);
|
||||||
|
ptr += tag_name_length;
|
||||||
|
|
||||||
|
memcpy(ptr, source_.get_current(), tag_value_length);
|
||||||
|
ptr += tag_value_length;
|
||||||
|
|
||||||
|
return ptr;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
// process NAME, either issuer or subject
|
// process NAME, either issuer or subject
|
||||||
void CertDecoder::GetName(NameType nt)
|
void CertDecoder::GetName(NameType nt)
|
||||||
{
|
{
|
||||||
@ -659,11 +678,22 @@ void CertDecoder::GetName(NameType nt)
|
|||||||
|
|
||||||
SHA sha;
|
SHA sha;
|
||||||
word32 length = GetSequence(); // length of all distinguished names
|
word32 length = GetSequence(); // length of all distinguished names
|
||||||
assert (length < ASN_NAME_MAX);
|
|
||||||
|
if (length >= ASN_NAME_MAX)
|
||||||
|
return;
|
||||||
length += source_.get_index();
|
length += source_.get_index();
|
||||||
|
|
||||||
char* ptr = (nt == ISSUER) ? issuer_ : subject_;
|
char* ptr;
|
||||||
word32 idx = 0;
|
char* buf_end;
|
||||||
|
|
||||||
|
if (nt == ISSUER) {
|
||||||
|
ptr = issuer_;
|
||||||
|
buf_end = ptr + sizeof(issuer_) - 1; // 1 byte for trailing 0
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
ptr = subject_;
|
||||||
|
buf_end = ptr + sizeof(subject_) - 1; // 1 byte for trailing 0
|
||||||
|
}
|
||||||
|
|
||||||
while (source_.get_index() < length) {
|
while (source_.get_index() < length) {
|
||||||
GetSet();
|
GetSet();
|
||||||
@ -685,47 +715,36 @@ void CertDecoder::GetName(NameType nt)
|
|||||||
byte id = source_.next();
|
byte id = source_.next();
|
||||||
b = source_.next(); // strType
|
b = source_.next(); // strType
|
||||||
word32 strLen = GetLength(source_);
|
word32 strLen = GetLength(source_);
|
||||||
bool copy = false;
|
|
||||||
|
|
||||||
if (id == COMMON_NAME) {
|
switch (id) {
|
||||||
memcpy(&ptr[idx], "/CN=", 4);
|
case COMMON_NAME:
|
||||||
idx += 4;
|
if (!(ptr = AddTag(ptr, buf_end, "/CN=", 4, strLen)))
|
||||||
copy = true;
|
return;
|
||||||
}
|
break;
|
||||||
else if (id == SUR_NAME) {
|
case SUR_NAME:
|
||||||
memcpy(&ptr[idx], "/SN=", 4);
|
if (!(ptr = AddTag(ptr, buf_end, "/SN=", 4, strLen)))
|
||||||
idx += 4;
|
return;
|
||||||
copy = true;
|
break;
|
||||||
}
|
case COUNTRY_NAME:
|
||||||
else if (id == COUNTRY_NAME) {
|
if (!(ptr = AddTag(ptr, buf_end, "/C=", 3, strLen)))
|
||||||
memcpy(&ptr[idx], "/C=", 3);
|
return;
|
||||||
idx += 3;
|
break;
|
||||||
copy = true;
|
case LOCALITY_NAME:
|
||||||
}
|
if (!(ptr = AddTag(ptr, buf_end, "/L=", 3, strLen)))
|
||||||
else if (id == LOCALITY_NAME) {
|
return;
|
||||||
memcpy(&ptr[idx], "/L=", 3);
|
break;
|
||||||
idx += 3;
|
case STATE_NAME:
|
||||||
copy = true;
|
if (!(ptr = AddTag(ptr, buf_end, "/ST=", 4, strLen)))
|
||||||
}
|
return;
|
||||||
else if (id == STATE_NAME) {
|
break;
|
||||||
memcpy(&ptr[idx], "/ST=", 4);
|
case ORG_NAME:
|
||||||
idx += 4;
|
if (!(ptr = AddTag(ptr, buf_end, "/O=", 3, strLen)))
|
||||||
copy = true;
|
return;
|
||||||
}
|
break;
|
||||||
else if (id == ORG_NAME) {
|
case ORGUNIT_NAME:
|
||||||
memcpy(&ptr[idx], "/O=", 3);
|
if (!(ptr = AddTag(ptr, buf_end, "/OU=", 4, strLen)))
|
||||||
idx += 3;
|
return;
|
||||||
copy = true;
|
break;
|
||||||
}
|
|
||||||
else if (id == ORGUNIT_NAME) {
|
|
||||||
memcpy(&ptr[idx], "/OU=", 4);
|
|
||||||
idx += 4;
|
|
||||||
copy = true;
|
|
||||||
}
|
|
||||||
|
|
||||||
if (copy) {
|
|
||||||
memcpy(&ptr[idx], source_.get_current(), strLen);
|
|
||||||
idx += strLen;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
sha.Update(source_.get_current(), strLen);
|
sha.Update(source_.get_current(), strLen);
|
||||||
@ -740,17 +759,15 @@ void CertDecoder::GetName(NameType nt)
|
|||||||
word32 length = GetLength(source_);
|
word32 length = GetLength(source_);
|
||||||
|
|
||||||
if (email) {
|
if (email) {
|
||||||
memcpy(&ptr[idx], "/emailAddress=", 14);
|
if (!(ptr = AddTag(ptr, buf_end, "/emailAddress=", 14, length)))
|
||||||
idx += 14;
|
return;
|
||||||
|
|
||||||
memcpy(&ptr[idx], source_.get_current(), length);
|
|
||||||
idx += length;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
source_.advance(length);
|
source_.advance(length);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
ptr[idx++] = 0;
|
|
||||||
|
*ptr = 0;
|
||||||
|
|
||||||
if (nt == ISSUER)
|
if (nt == ISSUER)
|
||||||
sha.Final(issuerHash_);
|
sha.Final(issuerHash_);
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user