From d8223efd04f8526b602209ee5f39c06fa300beea Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Fri, 10 Dec 1999 13:46:48 +0000 Subject: [PATCH] Fix for crashing INTEGERs, ENUMERATEDs and OBJECT IDENTIFIERs. Also fix a memory leak in PKCS#7 routines. --- CHANGES | 4 ++++ crypto/asn1/a_enum.c | 7 ++++++- crypto/asn1/a_int.c | 11 +++++++++-- crypto/asn1/a_object.c | 2 +- crypto/pkcs7/pk7_lib.c | 2 +- 5 files changed, 21 insertions(+), 5 deletions(-) diff --git a/CHANGES b/CHANGES index 5e1883f37..196e56d1b 100644 --- a/CHANGES +++ b/CHANGES @@ -4,6 +4,10 @@ Changes between 0.9.4 and 0.9.5 [xx XXX 1999] + *) Some ASN1 types with illegal zero length encoding (INTEGER, + ENUMERATED and OBJECT IDENTIFIER) choked the ASN1 routines. + [Frans Heymans , modified by Steve Henson] + *) Merge in my S/MIME library for OpenSSL. This provides a simple S/MIME API on top of the PKCS#7 code, a MIME parser (with enough functionality to handle multipart/signed properly) and a utility diff --git a/crypto/asn1/a_enum.c b/crypto/asn1/a_enum.c index 61349ed00..38134f368 100644 --- a/crypto/asn1/a_enum.c +++ b/crypto/asn1/a_enum.c @@ -177,7 +177,12 @@ ASN1_ENUMERATED *d2i_ASN1_ENUMERATED(ASN1_ENUMERATED **a, unsigned char **pp, goto err; } to=s; - if (*p & 0x80) /* a negative number */ + if(!len) { + /* Strictly speaking this is an illegal ENUMERATED but we + * tolerate it. + */ + ret->type=V_ASN1_INTEGER; + } else if (*p & 0x80) /* a negative number */ { ret->type=V_ASN1_NEG_ENUMERATED; if ((*p == 0xff) && (len != 1)) { diff --git a/crypto/asn1/a_int.c b/crypto/asn1/a_int.c index 7ed99eb39..bcbdc7d4e 100644 --- a/crypto/asn1/a_int.c +++ b/crypto/asn1/a_int.c 
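Review bot: The zero-length branch added to d2i_ASN1_ENUMERATED in crypto/asn1/a_enum.c tags the result `V_ASN1_INTEGER`, while the branch right after it uses `V_ASN1_NEG_ENUMERATED`, so an empty ENUMERATED comes back typed as an INTEGER. This looks copied from the matching a_int.c change, and the line should presumably read `ret->type=V_ASN1_ENUMERATED;`. Code that later dispatches on or re-encodes by `ret->type` would otherwise treat the value as a different ASN.1 type from the one that was parsed. The function body starts and ends outside the hunk, so the constant used by the non-negative branch cannot be confirmed from here.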
@@ -202,7 +202,12 @@ ASN1_INTEGER *d2i_ASN1_INTEGER(ASN1_INTEGER **a, unsigned char **pp, goto err; } to=s; - if (*p & 0x80) /* a negative number */ + if(!len) { + /* Strictly speaking this is an illegal INTEGER but we + * tolerate it. + */ + ret->type=V_ASN1_INTEGER; + } else if (*p & 0x80) /* a negative number */ { ret->type=V_ASN1_NEG_INTEGER; if ((*p == 0xff) && (len != 1)) { @@ -301,7 +306,8 @@ ASN1_INTEGER *d2i_ASN1_UINTEGER(ASN1_INTEGER **a, unsigned char **pp, goto err; } to=s; - ret->type=V_ASN1_INTEGER; + ret->type=V_ASN1_INTEGER; + if(len) { if ((*p == 0) && (len != 1)) { p++; @@ -309,6 +315,7 @@ ASN1_INTEGER *d2i_ASN1_UINTEGER(ASN1_INTEGER **a, unsigned char **pp, } memcpy(s,p,(int)len); p+=len; + } if (ret->data != NULL) Free((char *)ret->data); ret->data=s; diff --git a/crypto/asn1/a_object.c b/crypto/asn1/a_object.c index b94b418ee..ab69b955b 100644 --- a/crypto/asn1/a_object.c +++ b/crypto/asn1/a_object.c @@ -223,7 +223,7 @@ ASN1_OBJECT *d2i_ASN1_OBJECT(ASN1_OBJECT **a, unsigned char **pp, if ((ret->data == NULL) || (ret->length < len)) { if (ret->data != NULL) Free((char *)ret->data); - ret->data=(unsigned char *)Malloc((int)len); + ret->data=(unsigned char *)Malloc(len ? (int)len : 1); ret->flags|=ASN1_OBJECT_FLAG_DYNAMIC_DATA; if (ret->data == NULL) { i=ERR_R_MALLOC_FAILURE; goto err; } diff --git a/crypto/pkcs7/pk7_lib.c b/crypto/pkcs7/pk7_lib.c index 312a5ed06..388a1d78b 100644 --- a/crypto/pkcs7/pk7_lib.c +++ b/crypto/pkcs7/pk7_lib.c @@ -123,7 +123,7 @@ int PKCS7_set_content(PKCS7 *p7, PKCS7 *p7_data) { case NID_pkcs7_signed: if (p7->d.sign->contents != NULL) - PKCS7_content_free(p7->d.sign->contents); + PKCS7_free(p7->d.sign->contents); p7->d.sign->contents=p7_data; break; case NID_pkcs7_digest:
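Review bot: The comment in the new `if(!len)` branch of d2i_ASN1_INTEGER (crypto/asn1/a_int.c, first hunk) says the empty INTEGER is tolerated, but not why the branch must come first or what value results. With no content octets, the `*p & 0x80` test that follows would read a byte that is not part of this value, which is what the guard prevents. I would record that, e.g. `/* no content octets: do not read *p; illegal encoding, accepted as an empty non-negative INTEGER */`, and the same wording fits the ENUMERATED branch in a_enum.c. Because the parser now accepts an encoding that DER forbids, such input presumably will not round-trip byte-for-byte through re-encoding, which is worth stating for callers. The rest of the function is outside the hunk, so how the length and data fields end up is not visible here.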
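Review bot: The `Malloc(len ? (int)len : 1)` change in d2i_ASN1_OBJECT (crypto/asn1/a_object.c) carries no comment, unlike the INTEGER and ENUMERATED hunks, and the reason for the 1 is not obvious from the line. A zero-byte allocation may return NULL, which the check two lines below reports as `ERR_R_MALLOC_FAILURE`. A comment such as `/* zero-length OID is illegal but tolerated; never request 0 bytes, a NULL result is treated as allocation failure */` would record that. The single byte is left uninitialised and the object presumably ends up with length 0, so consumers of `ret->data` must honour the length; the code that sets it lies outside the hunk.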
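Review bot: Only the `NID_pkcs7_signed` case of PKCS7_set_content (crypto/pkcs7/pk7_lib.c) is switched to `PKCS7_free`, and the `NID_pkcs7_digest` case begins on the hunk's last line with its body out of view. If that case also releases its previous contents with `PKCS7_content_free`, it would keep the leak this commit fixes and should get the same one-line change, `PKCS7_free(p7->d.digest->contents);`. Separately, the old contents are freed before `p7_data` is stored, so a call that passes the object already attached would leave a dangling pointer. A guard, or a sentence in the function's documentation ruling that case out, would help.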