Fix for crashing INTEGERs, ENUMERATEDs and OBJECT IDENTIFIERs.

Also fix a memory leak in PKCS#7 routines.
This commit is contained in:
Dr. Stephen Henson 1999-12-10 13:46:48 +00:00
parent e3775a33c1
commit d8223efd04
5 changed files with 21 additions and 5 deletions

View File

@ -4,6 +4,10 @@
Changes between 0.9.4 and 0.9.5 [xx XXX 1999] Changes between 0.9.4 and 0.9.5 [xx XXX 1999]
*) Some ASN1 types with illegal zero length encoding (INTEGER,
ENUMERATED and OBJECT IDENTIFIER) choked the ASN1 routines.
[Frans Heymans <fheymans@isaserver.be>, modified by Steve Henson]
*) Merge in my S/MIME library for OpenSSL. This provides a simple *) Merge in my S/MIME library for OpenSSL. This provides a simple
S/MIME API on top of the PKCS#7 code, a MIME parser (with enough S/MIME API on top of the PKCS#7 code, a MIME parser (with enough
functionality to handle multipart/signed properly) and a utility functionality to handle multipart/signed properly) and a utility

View File

@ -177,7 +177,12 @@ ASN1_ENUMERATED *d2i_ASN1_ENUMERATED(ASN1_ENUMERATED **a, unsigned char **pp,
goto err; goto err;
} }
to=s; to=s;
if (*p & 0x80) /* a negative number */ if(!len) {
/* Strictly speaking this is an illegal ENUMERATED but we
* tolerate it.
*/
ret->type=V_ASN1_INTEGER;
} else if (*p & 0x80) /* a negative number */
{ {
ret->type=V_ASN1_NEG_ENUMERATED; ret->type=V_ASN1_NEG_ENUMERATED;
if ((*p == 0xff) && (len != 1)) { if ((*p == 0xff) && (len != 1)) {

View File

@ -202,7 +202,12 @@ ASN1_INTEGER *d2i_ASN1_INTEGER(ASN1_INTEGER **a, unsigned char **pp,
goto err; goto err;
} }
to=s; to=s;
if (*p & 0x80) /* a negative number */ if(!len) {
/* Strictly speaking this is an illegal INTEGER but we
* tolerate it.
*/
ret->type=V_ASN1_INTEGER;
} else if (*p & 0x80) /* a negative number */
{ {
ret->type=V_ASN1_NEG_INTEGER; ret->type=V_ASN1_NEG_INTEGER;
if ((*p == 0xff) && (len != 1)) { if ((*p == 0xff) && (len != 1)) {
@ -301,7 +306,8 @@ ASN1_INTEGER *d2i_ASN1_UINTEGER(ASN1_INTEGER **a, unsigned char **pp,
goto err; goto err;
} }
to=s; to=s;
ret->type=V_ASN1_INTEGER; ret->type=V_ASN1_INTEGER;
if(len) {
if ((*p == 0) && (len != 1)) if ((*p == 0) && (len != 1))
{ {
p++; p++;
@ -309,6 +315,7 @@ ASN1_INTEGER *d2i_ASN1_UINTEGER(ASN1_INTEGER **a, unsigned char **pp,
} }
memcpy(s,p,(int)len); memcpy(s,p,(int)len);
p+=len; p+=len;
}
if (ret->data != NULL) Free((char *)ret->data); if (ret->data != NULL) Free((char *)ret->data);
ret->data=s; ret->data=s;

View File

@ -223,7 +223,7 @@ ASN1_OBJECT *d2i_ASN1_OBJECT(ASN1_OBJECT **a, unsigned char **pp,
if ((ret->data == NULL) || (ret->length < len)) if ((ret->data == NULL) || (ret->length < len))
{ {
if (ret->data != NULL) Free((char *)ret->data); if (ret->data != NULL) Free((char *)ret->data);
ret->data=(unsigned char *)Malloc((int)len); ret->data=(unsigned char *)Malloc(len ? (int)len : 1);
ret->flags|=ASN1_OBJECT_FLAG_DYNAMIC_DATA; ret->flags|=ASN1_OBJECT_FLAG_DYNAMIC_DATA;
if (ret->data == NULL) if (ret->data == NULL)
{ i=ERR_R_MALLOC_FAILURE; goto err; } { i=ERR_R_MALLOC_FAILURE; goto err; }

View File

@ -123,7 +123,7 @@ int PKCS7_set_content(PKCS7 *p7, PKCS7 *p7_data)
{ {
case NID_pkcs7_signed: case NID_pkcs7_signed:
if (p7->d.sign->contents != NULL) if (p7->d.sign->contents != NULL)
PKCS7_content_free(p7->d.sign->contents); PKCS7_free(p7->d.sign->contents);
p7->d.sign->contents=p7_data; p7->d.sign->contents=p7_data;
break; break;
case NID_pkcs7_digest: case NID_pkcs7_digest: