package/openssl/patches/401_cve_2009_0590.patch

   1 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0590
   2
   3 --- a/crypto/asn1/asn1.h
   4 +++ b/crypto/asn1/asn1.h
   5 @@ -1217,6 +1217,7 @@ void ERR_load_ASN1_strings(void);
   6  #define ASN1_R_BAD_OBJECT_HEADER                        102
   7  #define ASN1_R_BAD_PASSWORD_READ                        103
   8  #define ASN1_R_BAD_TAG                                  104
   9 +#define ASN1_R_BMPSTRING_IS_WRONG_LENGTH                210
  10  #define ASN1_R_BN_LIB                                   105
  11  #define ASN1_R_BOOLEAN_IS_WRONG_LENGTH                  106
  12  #define ASN1_R_BUFFER_TOO_SMALL                                 107
  13 @@ -1306,6 +1307,7 @@ void ERR_load_ASN1_strings(void);
  14  #define ASN1_R_UNABLE_TO_DECODE_RSA_KEY                         157
  15  #define ASN1_R_UNABLE_TO_DECODE_RSA_PRIVATE_KEY                 158
  16  #define ASN1_R_UNEXPECTED_EOC                           159
  17 +#define ASN1_R_UNIVERSALSTRING_IS_WRONG_LENGTH          211
  18  #define ASN1_R_UNKNOWN_FORMAT                           160
  19  #define ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM                 161
  20  #define ASN1_R_UNKNOWN_OBJECT_TYPE                      162
  21 --- a/crypto/asn1/asn1_err.c
  22 +++ b/crypto/asn1/asn1_err.c
  23 @@ -195,6 +195,7 @@ static ERR_STRING_DATA ASN1_str_reasons[
  24  {ERR_REASON(ASN1_R_BAD_OBJECT_HEADER)    ,"bad object header"},
  25  {ERR_REASON(ASN1_R_BAD_PASSWORD_READ)    ,"bad password read"},
  26  {ERR_REASON(ASN1_R_BAD_TAG)              ,"bad tag"},
  27 +{ERR_REASON(ASN1_R_BMPSTRING_IS_WRONG_LENGTH),"bmpstring is wrong length"},
  28  {ERR_REASON(ASN1_R_BN_LIB)               ,"bn lib"},
  29  {ERR_REASON(ASN1_R_BOOLEAN_IS_WRONG_LENGTH),"boolean is wrong length"},
  30  {ERR_REASON(ASN1_R_BUFFER_TOO_SMALL)     ,"buffer too small"},
  31 @@ -284,6 +285,7 @@ static ERR_STRING_DATA ASN1_str_reasons[
  32  {ERR_REASON(ASN1_R_UNABLE_TO_DECODE_RSA_KEY),"unable to decode rsa key"},
  33  {ERR_REASON(ASN1_R_UNABLE_TO_DECODE_RSA_PRIVATE_KEY),"unable to decode rsa private key"},
  34  {ERR_REASON(ASN1_R_UNEXPECTED_EOC)       ,"unexpected eoc"},
  35 +{ERR_REASON(ASN1_R_UNIVERSALSTRING_IS_WRONG_LENGTH),"universalstring is wrong length"},
  36  {ERR_REASON(ASN1_R_UNKNOWN_FORMAT)       ,"unknown format"},
  37  {ERR_REASON(ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM),"unknown message digest algorithm"},
  38  {ERR_REASON(ASN1_R_UNKNOWN_OBJECT_TYPE)  ,"unknown object type"},
  39 --- a/crypto/asn1/tasn_dec.c
  40 +++ b/crypto/asn1/tasn_dec.c
  41 @@ -611,7 +611,6 @@ static int asn1_template_ex_d2i(ASN1_VAL
  42
  43         err:
  44         ASN1_template_free(val, tt);
  45 -       *val = NULL;
  46         return 0;
  47         }
  48
  49 @@ -758,7 +757,6 @@ static int asn1_template_noexp_d2i(ASN1_
  50
  51         err:
  52         ASN1_template_free(val, tt);
  53 -       *val = NULL;
  54         return 0;
  55         }
  56
  57 @@ -1012,6 +1010,18 @@ int asn1_ex_c2i(ASN1_VALUE **pval, const
  58                 case V_ASN1_SET:
  59                 case V_ASN1_SEQUENCE:
  60                 default:
  61 +               if (utype == V_ASN1_BMPSTRING && (len & 1))
  62 +                       {
  63 +                       ASN1err(ASN1_F_ASN1_EX_C2I,
  64 +                                       ASN1_R_BMPSTRING_IS_WRONG_LENGTH);
  65 +                       goto err;
  66 +                       }
  67 +               if (utype == V_ASN1_UNIVERSALSTRING && (len & 3))
  68 +                       {
  69 +                       ASN1err(ASN1_F_ASN1_EX_C2I,
  70 +                                       ASN1_R_UNIVERSALSTRING_IS_WRONG_LENGTH);
  71 +                       goto err;
  72 +                       }
  73                 /* All based on ASN1_STRING and handled the same */
  74                 if (!*pval)
  75                         {