author | Kazuki Yamaguchi <k@rhe.jp> | 2017-05-09 10:13:04 +0900 |
---|---|---|
committer | Kazuki Yamaguchi <k@rhe.jp> | 2017-06-21 16:19:41 +0900 |
commit | f51226cfa9125bc474470649ce3234d5089be710 (patch) | |
tree | 5d6cb0f6bdf84f71e66d60c11d97a8c19c4e2330 | |
parent | 9c894895b7e74a63eabe3188c9c42c068ffb08f4 (diff) | |
download | openssl-f51226cfa9125bc474470649ce3234d5089be710.tar.gz |
Fix parsing of oid_section in config
Parsing the 'sn = ln, 1.2.3' form would segfault. Do not rely on the
previous behavior of OBJ_create(), which did not dereference the 'ln'
argument immediately.
-rw-r--r-- | crypto/asn1/asn_moid.c | 40 |
1 files changed, 19 insertions, 21 deletions
diff --git a/crypto/asn1/asn_moid.c b/crypto/asn1/asn_moid.c
index 8176b76008..cec26be76b 100644
--- a/crypto/asn1/asn_moid.c
+++ b/crypto/asn1/asn_moid.c
@@ -60,46 +60,44 @@ void ASN1_add_oid_module(void)
 static int do_create(const char *value, const char *name)
 {
 int nid;
- ASN1_OBJECT *oid;
- const char *ln, *ostr, *p;
- char *lntmp;
+ const char *ln, *ln_start, *ostr, *p;
+ char *lntmp = NULL;
+
 p = strrchr(value, ',');
- if (!p) {
+ if (p == NULL) {
 ln = name;
 ostr = value;
 } else {
- ln = NULL;
 ostr = p + 1;
 if (!*ostr)
 return 0;
 while (isspace((unsigned char)*ostr))
 ostr++;
- }
-
- nid = OBJ_create(ostr, name, ln);
-
- if (nid == NID_undef)
- return 0;
- if (p) {
- ln = value;
- while (isspace((unsigned char)*ln))
- ln++;
+ ln_start = value;
+ while (isspace((unsigned char)*ln_start))
+ ln_start++;
 p--;
 while (isspace((unsigned char)*p)) {
- if (p == ln)
+ if (p == ln_start)
 return 0;
 p--;
 }
 p++;
- lntmp = OPENSSL_malloc((p - ln) + 1);
+ lntmp = OPENSSL_malloc(p - ln_start + 1);
 if (lntmp == NULL)
 return 0;
- memcpy(lntmp, ln, p - ln);
- lntmp[p - ln] = 0;
- oid = OBJ_nid2obj(nid);
- oid->ln = lntmp;
+ memcpy(lntmp, ln_start, p - ln_start);
+ lntmp[p - ln_start] = 0;
+ ln = lntmp;
 }
 
+ nid = OBJ_create(ostr, name, ln);
+
+ OPENSSL_free(lntmp);
+
+ if (nid == NID_undef)
+ return 0;
+
 return 1;
 }
|
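Review bot: In the `else` branch of do_create(), the backward trim starts with an unconditional `p--`, so when the comma is the first character of `value`, or only whitespace precedes it, `p` moves below `ln_start` before the loop begins. The `p == ln_start` guard inside the loop can then never match, and `isspace((unsigned char)*p)` reads bytes in front of the `value` buffer. The old code had the same pattern with `ln`, and this commit carries it over unchanged. Because `value` comes from the config file's oid_section, an empty long name should be rejected before stepping back: right after the `ln_start++` loop, while `p` still points at the comma, add `if (ln_start == p) return 0;`. Whether the config loader already strips leading whitespace is not visible in this hunk, but a value that begins with the comma would reach this path either way.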