Hanno Böck
eba8bf485a
Call of memcmp with null pointers in obj_cmp() ...
The function obj_cmp() (file crypto/objects/obj_dat.c) can in some
situations call memcmp() with a null pointer and a zero length.
This is invalid behaviour. When compiling openssl with undefined
behaviour sanitizer (add -fsanitize=undefined to compile flags) this
can be seen. One example that triggers this behaviour is the pkcs7
command (but there are others, e.g. I've seen it with the timestamp
function):
apps/openssl pkcs7 -in test/testp7.pem
What happens is that obj_cmp takes objects of the type ASN1_OBJECT and
passes their ->data pointer to memcmp. Zero-sized ASN1_OBJECT
structures can have a null pointer as data.
RT#3816
Signed-off-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit 2b8dc08b74fc3c6d4c2fc855cc23bac691d985be)
2015-05-13 15:28:48 +01:00
2015-04-20 18:40:46 +02:00
2015-04-18 14:43:33 +01:00
2015-01-22 09:31:38 +00:00
2015-04-30 23:21:53 +01:00
2015-04-21 17:50:36 +02:00
2015-01-22 09:31:38 +00:00
2015-02-24 10:12:57 +01:00
2015-01-22 09:31:48 +00:00
2015-01-22 09:31:38 +00:00
2015-04-16 13:50:01 -04:00
2015-01-22 09:31:38 +00:00
2015-02-12 13:01:33 -05:00
2015-04-30 23:14:55 +01:00
2015-04-16 13:50:01 -04:00
2015-04-16 13:50:01 -04:00
2015-04-16 13:50:01 -04:00
2015-04-30 23:21:53 +01:00
2015-01-22 09:31:38 +00:00
2015-03-25 12:41:28 +00:00
2015-01-26 10:46:26 -05:00
2015-01-22 09:31:38 +00:00
2015-04-30 23:21:53 +01:00
2015-04-16 13:50:01 -04:00
2015-01-22 09:31:48 +00:00
2015-01-22 09:31:38 +00:00
2015-01-22 09:31:38 +00:00
2015-01-22 09:31:48 +00:00
2015-01-22 09:31:38 +00:00
2015-01-22 09:31:38 +00:00
2015-01-22 09:31:38 +00:00
2015-01-22 09:31:38 +00:00
2015-04-08 17:59:41 +02:00
2015-05-13 15:28:48 +01:00
2015-04-16 13:50:01 -04:00
2015-01-22 14:11:04 +00:00
2015-02-24 10:12:57 +01:00
2015-03-19 12:58:35 +00:00
2015-01-22 09:31:38 +00:00
2015-01-22 09:31:38 +00:00
2015-04-16 13:50:01 -04:00
2015-01-22 09:31:48 +00:00
2015-01-22 09:31:48 +00:00
2015-01-22 09:31:38 +00:00
2015-01-22 09:31:38 +00:00
2015-04-30 23:21:53 +01:00
2015-01-22 09:31:38 +00:00
2015-04-02 09:51:32 +02:00
2015-04-16 13:50:01 -04:00
2015-03-17 13:48:04 +00:00
2015-01-22 09:31:38 +00:00
2015-04-16 13:50:01 -04:00
2015-01-22 09:31:38 +00:00
2015-01-22 09:31:38 +00:00
2015-02-22 08:10:29 +01:00
2015-01-22 09:31:48 +00:00
2015-05-04 10:54:18 -04:00
2015-05-11 12:19:54 +01:00
2008-04-17 10:19:16 +00:00
2011-08-12 12:31:08 +00:00
2014-06-10 23:20:55 +02:00
2015-01-22 09:31:38 +00:00
2015-01-22 09:31:38 +00:00
2015-01-06 11:14:23 +01:00
2015-01-22 09:31:38 +00:00
2015-01-22 09:31:38 +00:00
2015-01-22 09:31:38 +00:00
2015-05-02 08:01:52 -04:00
2015-01-22 09:31:38 +00:00
2014-06-18 13:43:09 +02:00
2015-01-22 09:31:38 +00:00
2015-01-22 09:31:38 +00:00
2015-04-08 17:59:40 +02:00
2015-01-22 09:31:38 +00:00
2015-02-09 13:01:15 +00:00
2015-01-22 09:31:38 +00:00
2015-01-22 09:31:38 +00:00
2011-11-14 20:45:57 +00:00
2014-06-18 13:43:09 +02:00
2015-01-22 09:31:38 +00:00
2015-01-22 09:31:38 +00:00
2015-01-22 09:31:38 +00:00
2015-01-22 09:31:38 +00:00
2015-01-22 09:31:38 +00:00
2015-01-22 09:31:38 +00:00
2015-01-13 11:28:54 +00:00
2015-01-22 09:31:38 +00:00
2015-01-22 09:31:38 +00:00
2015-01-22 09:31:38 +00:00
2015-04-22 17:20:38 +01:00
2015-01-22 09:31:38 +00:00
2015-01-22 09:31:38 +00:00
2015-01-22 09:31:38 +00:00
2015-01-22 09:31:38 +00:00
2015-01-22 09:31:38 +00:00
2015-01-22 09:31:38 +00:00
2015-01-22 09:31:38 +00:00
2015-01-22 09:31:48 +00:00
2015-01-22 09:31:38 +00:00
2005-12-16 10:37:24 +00:00
2015-03-19 13:34:56 +00:00
2015-01-22 09:31:38 +00:00
2013-06-30 23:13:23 +02:00
2015-01-22 09:31:38 +00:00
2015-01-22 09:31:38 +00:00
2014-07-20 14:36:49 +02:00
2015-01-22 09:31:38 +00:00
2011-11-14 20:47:22 +00:00
2015-01-22 09:31:38 +00:00
2013-05-20 00:16:18 +02:00
2015-01-22 09:31:38 +00:00
2015-01-22 09:31:38 +00:00
2015-01-22 09:31:38 +00:00
2015-01-22 09:31:38 +00:00
2014-02-14 17:25:14 +01:00
2014-02-14 17:25:14 +01:00
eba8bf485a