When calling ASN1_item_i2d () check both returned length and allocated pointer

Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24979)
XZ-X 2024-07-22 14:33:02 -04:00 committed by Tomas Mraz
parent dc6993a625
commit 391334dd8c
5 changed files with 9 additions and 5 deletions


@ -75,7 +75,7 @@ void *ASN1_item_dup(const ASN1_ITEM *it, const void *x)
}
i = ASN1_item_i2d(x, &b, it);
if (b == NULL) {
if (i < 0 || b == NULL) {
ERR_raise(ERR_LIB_ASN1, ERR_R_ASN1_LIB);
return NULL;
}


@ -88,7 +88,7 @@ int ASN1_item_i2d_bio(const ASN1_ITEM *it, BIO *out, const void *x)
int i, j = 0, n, ret = 1;
n = ASN1_item_i2d(x, &b, it);
if (b == NULL) {
if (n < 0 || b == NULL) {
ERR_raise(ERR_LIB_ASN1, ERR_R_ASN1_LIB);
return 0;
}


@ -862,7 +862,7 @@ int CMS_SignerInfo_sign(CMS_SignerInfo *si)
alen = ASN1_item_i2d((ASN1_VALUE *)si->signedAttrs, &abuf,
ASN1_ITEM_rptr(CMS_Attributes_Sign));
if (!abuf)
if (alen < 0 || abuf == NULL)
goto err;
if (EVP_DigestSignUpdate(mctx, abuf, alen) <= 0)
goto err;
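Review bot: The new guard `if (alen < 0 || abuf == NULL)` in CMS_SignerInfo_sign still lets a zero-length encoding reach `EVP_DigestSignUpdate(mctx, abuf, alen)`, while the PKCS7_signatureVerify hunk in this commit rejects `alen <= 0`. A well-formed attribute set should not encode to zero bytes, so I would write `if (alen <= 0 || abuf == NULL)` here and in the matching PKCS7_SIGNER_INFO_sign hunk, so that the signing and verifying paths agree on what counts as a failed encoding. This branch also jumps to `err` without an `ERR_raise`, unlike the ASN1_item_dup and ASN1_item_i2d_bio hunks. The `err:` label lies outside the hunk, so whether an error is queued there cannot be confirmed from here.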


@ -28,6 +28,10 @@ int PKCS7_add_attrib_smimecap(PKCS7_SIGNER_INFO *si,
}
seq->length = ASN1_item_i2d((ASN1_VALUE *)cap, &seq->data,
ASN1_ITEM_rptr(X509_ALGORS));
if (seq->length <= 0 || seq->data == NULL) {
ASN1_STRING_free(seq);
return 1;
}
if (!PKCS7_add_signed_attribute(si, NID_SMIMECapabilities,
V_ASN1_SEQUENCE, seq)) {
ASN1_STRING_free(seq);
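Review bot: The added failure branch in PKCS7_add_attrib_smimecap ends in `return 1;` and queues no error, so a failed encoding of `cap` looks to the caller like success while the SMIMECapabilities attribute is silently left out of the signed attributes. The other hunks in this commit report the same condition with `ERR_raise(...)` and a failure return. If this function follows the usual 1-on-success/0-on-failure convention (its other return statements are outside the hunk), the branch should be `ERR_raise(ERR_LIB_PKCS7, ERR_R_ASN1_LIB);` followed by `return 0;`. If skipping the attribute is intended, a one-line comment saying so would keep the next reader from treating it as a typo.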


@ -920,7 +920,7 @@ int PKCS7_SIGNER_INFO_sign(PKCS7_SIGNER_INFO *si)
alen = ASN1_item_i2d((ASN1_VALUE *)si->auth_attr, &abuf,
ASN1_ITEM_rptr(PKCS7_ATTR_SIGN));
if (!abuf)
if (alen < 0 || abuf == NULL)
goto err;
if (EVP_DigestSignUpdate(mctx, abuf, alen) <= 0)
goto err;
@ -1102,7 +1102,7 @@ int PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si,
alen = ASN1_item_i2d((ASN1_VALUE *)sk, &abuf,
ASN1_ITEM_rptr(PKCS7_ATTR_VERIFY));
if (alen <= 0) {
if (alen <= 0 || abuf == NULL) {
ERR_raise(ERR_LIB_PKCS7, ERR_R_ASN1_LIB);
ret = -1;
goto err;