diff options
| author | Dr. Stephen Henson <steve@openssl.org> | 1999-12-10 13:46:48 +0000 |
|---|---|---|
| committer | Dr. Stephen Henson <steve@openssl.org> | 1999-12-10 13:46:48 +0000 |
| commit | d8223efd04f8526b602209ee5f39c06fa300beea (patch) | |
| tree | 7044ee8ece86c78beda2c8480d189714410c2d5e /crypto | |
| parent | e3775a33c1ee5aa845527c3fd9aac11426eac8c5 (diff) | |
| download | openssl-d8223efd04f8526b602209ee5f39c06fa300beea.tar.gz | |
Fix for crashing INTEGERs, ENUMERATEDs and OBJECT IDENTIFIERs.
Also fix a memory leak in PKCS#7 routines.
Diffstat (limited to 'crypto')
| -rw-r--r-- | crypto/asn1/a_enum.c | 7 | ||||
| -rw-r--r-- | crypto/asn1/a_int.c | 11 | ||||
| -rw-r--r-- | crypto/asn1/a_object.c | 2 | ||||
| -rw-r--r-- | crypto/pkcs7/pk7_lib.c | 2 |
4 files changed, 17 insertions, 5 deletions
diff --git a/crypto/asn1/a_enum.c b/crypto/asn1/a_enum.c index 61349ed003..38134f3688 100644 --- a/crypto/asn1/a_enum.c +++ b/crypto/asn1/a_enum.c @@ -177,7 +177,12 @@ ASN1_ENUMERATED *d2i_ASN1_ENUMERATED(ASN1_ENUMERATED **a, unsigned char **pp, goto err; } to=s; - if (*p & 0x80) /* a negative number */ + if(!len) { + /* Strictly speaking this is an illegal ENUMERATED but we + * tolerate it. + */ + ret->type=V_ASN1_INTEGER; + } else if (*p & 0x80) /* a negative number */ { ret->type=V_ASN1_NEG_ENUMERATED; if ((*p == 0xff) && (len != 1)) { diff --git a/crypto/asn1/a_int.c b/crypto/asn1/a_int.c index 7ed99eb399..bcbdc7d4e1 100644 --- a/crypto/asn1/a_int.c +++ b/crypto/asn1/a_int.c @@ -202,7 +202,12 @@ ASN1_INTEGER *d2i_ASN1_INTEGER(ASN1_INTEGER **a, unsigned char **pp, goto err; } to=s; - if (*p & 0x80) /* a negative number */ + if(!len) { + /* Strictly speaking this is an illegal INTEGER but we + * tolerate it. + */ + ret->type=V_ASN1_INTEGER; + } else if (*p & 0x80) /* a negative number */ { ret->type=V_ASN1_NEG_INTEGER; if ((*p == 0xff) && (len != 1)) { @@ -301,7 +306,8 @@ ASN1_INTEGER *d2i_ASN1_UINTEGER(ASN1_INTEGER **a, unsigned char **pp, goto err; } to=s; - ret->type=V_ASN1_INTEGER; + ret->type=V_ASN1_INTEGER; + if(len) { if ((*p == 0) && (len != 1)) { p++; @@ -309,6 +315,7 @@ ASN1_INTEGER *d2i_ASN1_UINTEGER(ASN1_INTEGER **a, unsigned char **pp, } memcpy(s,p,(int)len); p+=len; + } if (ret->data != NULL) Free((char *)ret->data); ret->data=s; diff --git a/crypto/asn1/a_object.c b/crypto/asn1/a_object.c index b94b418ee8..ab69b955b5 100644 --- a/crypto/asn1/a_object.c +++ b/crypto/asn1/a_object.c @@ -223,7 +223,7 @@ ASN1_OBJECT *d2i_ASN1_OBJECT(ASN1_OBJECT **a, unsigned char **pp, if ((ret->data == NULL) || (ret->length < len)) { if (ret->data != NULL) Free((char *)ret->data); - ret->data=(unsigned char *)Malloc((int)len); + ret->data=(unsigned char *)Malloc(len ? (int)len : 1); ret->flags|=ASN1_OBJECT_FLAG_DYNAMIC_DATA; if (ret->data == NULL) { i=ERR_R_MALLOC_FAILURE; goto err; } diff --git a/crypto/pkcs7/pk7_lib.c b/crypto/pkcs7/pk7_lib.c index 312a5ed064..388a1d78b3 100644 --- a/crypto/pkcs7/pk7_lib.c +++ b/crypto/pkcs7/pk7_lib.c @@ -123,7 +123,7 @@ int PKCS7_set_content(PKCS7 *p7, PKCS7 *p7_data) { case NID_pkcs7_signed: if (p7->d.sign->contents != NULL) - PKCS7_content_free(p7->d.sign->contents); + PKCS7_free(p7->d.sign->contents); p7->d.sign->contents=p7_data; break; case NID_pkcs7_digest: |