author | Ben Laurie <ben@openssl.org> | 2002-11-13 15:43:43 +0000 |
---|---|---|
committer | Ben Laurie <ben@openssl.org> | 2002-11-13 15:43:43 +0000 |
commit | 54a656ef081f72a740c550ebd8099b40b8b5cde0 (patch) | |
tree | 9b3638b56848c7f0648b84cfa7ad056116b37a1b /crypto/pem/pem_lib.c | |
parent | 8f797f14b8ff7d3d5cb04443284259a0c94860b3 (diff) | |
download | openssl-54a656ef081f72a740c550ebd8099b40b8b5cde0.tar.gz |
Security fixes brought forward from 0.9.7.
Diffstat (limited to 'crypto/pem/pem_lib.c')
-rw-r--r-- | crypto/pem/pem_lib.c | 8 |
1 files changed, 6 insertions, 2 deletions
diff --git a/crypto/pem/pem_lib.c b/crypto/pem/pem_lib.c
index bfc43e90af..fbc94d6a80 100644
--- a/crypto/pem/pem_lib.c
+++ b/crypto/pem/pem_lib.c
@@ -138,7 +138,7 @@ void PEM_proc_type(char *buf, int type)
 void PEM_dek_info(char *buf, const char *type, int len, char *str)
 {
- static unsigned char map[17]="0123456789ABCDEF";
+ static const unsigned char map[17]="0123456789ABCDEF";
 long i;
 int j;
@@ -306,6 +306,7 @@ int PEM_ASN1_write_bio(int (*i2d)(), const char *name, BIO *bp, char *x,
 goto err;
 }
 /* dzise + 8 bytes are needed */
+ // actually it needs the cipher block size extra...
 data=(unsigned char *)OPENSSL_malloc((unsigned int)dsize+20);
 if (data == NULL)
 {
@@ -335,6 +336,7 @@ int PEM_ASN1_write_bio(int (*i2d)(), const char *name, BIO *bp, char *x,
 kstr=(unsigned char *)buf;
 }
 RAND_add(data,i,0);/* put in the RSA key. */
+ OPENSSL_assert(enc->iv_len <= sizeof iv);
 if (RAND_pseudo_bytes(iv,enc->iv_len) < 0) /* Generate a salt */
 goto err;
 /* The 'iv' is used as the iv and as a salt. It is
@@ -343,6 +345,8 @@ int PEM_ASN1_write_bio(int (*i2d)(), const char *name, BIO *bp, char *x,
 if (kstr == (unsigned char *)buf) memset(buf,0,PEM_BUFSIZE);
+ OPENSSL_assert(strlen(objstr)+23+2*enc->iv_len+13 <= sizeof buf);
+ buf[0]='\0';
 PEM_proc_type(buf,PEM_TYPE_ENCRYPTED);
 PEM_dek_info(buf,objstr,enc->iv_len,(char *)iv);
@@ -693,7 +697,7 @@ int PEM_read_bio(BIO *bp, char **name, char **header, unsigned char **data,
 if (strncmp(buf,"-----END ",9) == 0) break;
 if (i > 65) break;
- if (!BUF_MEM_grow(dataB,i+bl+9))
+ if (!BUF_MEM_grow_clean(dataB,i+bl+9))
 {
 PEMerr(PEM_F_PEM_READ_BIO,ERR_R_MALLOC_FAILURE);
 goto err; |
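Review bot: The allocation under the added comment in the `-306` hunk still uses the fixed `dsize+20`, so the code and the comment now disagree: the comment says the slack must be the cipher block size, while the constant only holds as long as no cipher has a block larger than 20 bytes. Tying the slack to the EVP limit, for example `OPENSSL_malloc((unsigned int)dsize+EVP_MAX_BLOCK_LENGTH)` if that constant is available in this tree, would keep the bound correct when new ciphers are added. The note should also be written as `/* ... */`, since `//` is rejected by strict C89 compilers, and the older line above it (`dzise + 8 bytes`) is now stale. PEM_ASN1_write_bio starts and ends outside the hunk.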
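Review bot: `OPENSSL_assert(enc->iv_len <= sizeof iv)` in the `-335` hunk prevents the write past `iv`, but it does so by aborting the calling process, so a cipher with an oversized IV length becomes an application crash rather than a failed PEM write. The function already has an `err` exit, so the check could fail cleanly: `if (enc->iv_len < 0 || (size_t)enc->iv_len > sizeof iv) goto err;`, preceded by a `PEMerr` call with a suitable reason code. The assert added before `PEM_proc_type` in the `-343` hunk has the same abort-on-failure behaviour. The function body continues outside both hunks.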
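Review bot: The constants `23` and `13` in the length check added in the `-343` hunk are unexplained, so a reader cannot confirm that the bound matches what `PEM_proc_type` and `PEM_dek_info` append to `buf`. They presumably account for the fixed header text those helpers write plus separators and the terminating NUL, with `2*enc->iv_len` covering the hex-encoded IV. A comment should break the sum down term by term, e.g. `/* 23: Proc-Type line, 13: DEK-Info framing + NUL, 2 hex digits per IV byte */`, with the values checked against the helpers. Without it the check can silently go stale if either helper's output changes.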
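Review bot: Nothing at the call site in the `-693` hunk says why the `_clean` variant is required, so a later cleanup could switch it back to `BUF_MEM_grow` without noticing the security impact. A one-line comment would record the reason, e.g. `/* dataB may hold key material: grow_clean wipes the old buffer when it reallocates */`. Only this growth call is visible here; any other `BUF_MEM_grow` calls in `PEM_read_bio` that handle the same data should be checked for the same treatment. The function continues outside the hunk.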