generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Better handling of verify param id peername field

Browse Source 
Initialize pointers in param id by the book (explicit NULL assignment,
rather than just memset 0).

In x509_verify_param_zero() set peername to NULL after freeing it.

In x509_vfy.c's internal check_hosts(), avoid potential leak of
possibly already non-NULL peername.  This is only set when a check
succeeds, so don't need to do this repeatedly in the loop.

Reviewed-by: Richard Levitte <levitte@openssl.org>

(cherry picked from commit a0724ef1c9b9e2090bdd96b784f492b6a3952957)
This commit is contained in:
Viktor Dukhovni 2015-09-01 21:47:12 -04:00
parent 0a1682d8b5
commit 39c76ceb2d
2 changed files with 15 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
crypto/x509/x509_vfy.c
View File

@ -753,6 +753,10 @@ static int check_hosts(X509 *x, X509_VERIFY_PARAM_ID *id)
int n = sk_OPENSSL_STRING_num(id->hosts);
char *name;
if (id->peername != NULL) {
OPENSSL_free(id->peername);
id->peername = NULL;
}
for (i = 0; i < n; ++i) {
name = sk_OPENSSL_STRING_value(id->hosts, i);
if (X509_check_host(x, name, 0, id->hostflags, &id->peername) > 0)

15
crypto/x509/x509_vpm.c
View File

@ -155,6 +155,7 @@ static void x509_verify_param_zero(X509_VERIFY_PARAM *param)
}
if (paramid->peername)
OPENSSL_free(paramid->peername);
paramid->peername = NULL;
if (paramid->email) {
OPENSSL_free(paramid->email);
paramid->email = NULL;
@ -165,7 +166,6 @@ static void x509_verify_param_zero(X509_VERIFY_PARAM *param)
paramid->ip = NULL;
paramid->iplen = 0;
}
}
X509_VERIFY_PARAM *X509_VERIFY_PARAM_new(void)
@ -176,13 +176,20 @@ X509_VERIFY_PARAM *X509_VERIFY_PARAM_new(void)
param = OPENSSL_malloc(sizeof *param);
if (!param)
return NULL;
paramid = OPENSSL_malloc(sizeof *paramid);
memset(param, 0, sizeof(*param));
paramid = OPENSSL_malloc(sizeof(*paramid));
if (!paramid) {
OPENSSL_free(param);
return NULL;
}
memset(param, 0, sizeof *param);
memset(paramid, 0, sizeof *paramid);
memset(paramid, 0, sizeof(*paramid));
/* Exotic platforms may have non-zero bit representation of NULL */
paramid->hosts = NULL;
paramid->peername = NULL;
paramid->email = NULL;
paramid->ip = NULL;
param->id = paramid;
x509_verify_param_zero(param);
return param;