[CVE-2009-0590] fix OpenSSL DoS vulnerability in ASN1_STRING_print_ex (closes: #4911...
[openwrt/svn-archive/archive.git] / package / openssl / patches / 401_cve_2009_0590.patch
1 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0590
2
3 --- a/crypto/asn1/asn1.h
4 +++ b/crypto/asn1/asn1.h
5 @@ -1217,6 +1217,7 @@ void ERR_load_ASN1_strings(void);
6 #define ASN1_R_BAD_OBJECT_HEADER 102
7 #define ASN1_R_BAD_PASSWORD_READ 103
8 #define ASN1_R_BAD_TAG 104
9 +#define ASN1_R_BMPSTRING_IS_WRONG_LENGTH 210
10 #define ASN1_R_BN_LIB 105
11 #define ASN1_R_BOOLEAN_IS_WRONG_LENGTH 106
12 #define ASN1_R_BUFFER_TOO_SMALL 107
13 @@ -1306,6 +1307,7 @@ void ERR_load_ASN1_strings(void);
14 #define ASN1_R_UNABLE_TO_DECODE_RSA_KEY 157
15 #define ASN1_R_UNABLE_TO_DECODE_RSA_PRIVATE_KEY 158
16 #define ASN1_R_UNEXPECTED_EOC 159
17 +#define ASN1_R_UNIVERSALSTRING_IS_WRONG_LENGTH 211
18 #define ASN1_R_UNKNOWN_FORMAT 160
19 #define ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM 161
20 #define ASN1_R_UNKNOWN_OBJECT_TYPE 162
21 --- a/crypto/asn1/asn1_err.c
22 +++ b/crypto/asn1/asn1_err.c
23 @@ -195,6 +195,7 @@ static ERR_STRING_DATA ASN1_str_reasons[
24 {ERR_REASON(ASN1_R_BAD_OBJECT_HEADER) ,"bad object header"},
25 {ERR_REASON(ASN1_R_BAD_PASSWORD_READ) ,"bad password read"},
26 {ERR_REASON(ASN1_R_BAD_TAG) ,"bad tag"},
27 +{ERR_REASON(ASN1_R_BMPSTRING_IS_WRONG_LENGTH),"bmpstring is wrong length"},
28 {ERR_REASON(ASN1_R_BN_LIB) ,"bn lib"},
29 {ERR_REASON(ASN1_R_BOOLEAN_IS_WRONG_LENGTH),"boolean is wrong length"},
30 {ERR_REASON(ASN1_R_BUFFER_TOO_SMALL) ,"buffer too small"},
31 @@ -284,6 +285,7 @@ static ERR_STRING_DATA ASN1_str_reasons[
32 {ERR_REASON(ASN1_R_UNABLE_TO_DECODE_RSA_KEY),"unable to decode rsa key"},
33 {ERR_REASON(ASN1_R_UNABLE_TO_DECODE_RSA_PRIVATE_KEY),"unable to decode rsa private key"},
34 {ERR_REASON(ASN1_R_UNEXPECTED_EOC) ,"unexpected eoc"},
35 +{ERR_REASON(ASN1_R_UNIVERSALSTRING_IS_WRONG_LENGTH),"universalstring is wrong length"},
36 {ERR_REASON(ASN1_R_UNKNOWN_FORMAT) ,"unknown format"},
37 {ERR_REASON(ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM),"unknown message digest algorithm"},
38 {ERR_REASON(ASN1_R_UNKNOWN_OBJECT_TYPE) ,"unknown object type"},
39 --- a/crypto/asn1/tasn_dec.c
40 +++ b/crypto/asn1/tasn_dec.c
41 @@ -611,7 +611,6 @@ static int asn1_template_ex_d2i(ASN1_VAL
42
43 err:
44 ASN1_template_free(val, tt);
45 - *val = NULL;
46 return 0;
47 }
48
49 @@ -758,7 +757,6 @@ static int asn1_template_noexp_d2i(ASN1_
50
51 err:
52 ASN1_template_free(val, tt);
53 - *val = NULL;
54 return 0;
55 }
56
57 @@ -1012,6 +1010,18 @@ int asn1_ex_c2i(ASN1_VALUE **pval, const
58 case V_ASN1_SET:
59 case V_ASN1_SEQUENCE:
60 default:
61 + if (utype == V_ASN1_BMPSTRING && (len & 1))
62 + {
63 + ASN1err(ASN1_F_ASN1_EX_C2I,
64 + ASN1_R_BMPSTRING_IS_WRONG_LENGTH);
65 + goto err;
66 + }
67 + if (utype == V_ASN1_UNIVERSALSTRING && (len & 3))
68 + {
69 + ASN1err(ASN1_F_ASN1_EX_C2I,
70 + ASN1_R_UNIVERSALSTRING_IS_WRONG_LENGTH);
71 + goto err;
72 + }
73 /* All based on ASN1_STRING and handled the same */
74 if (!*pval)
75 {