Hello folks,

There is a possible problem with the string param handling of ENGINE_ctrl():
(At least I will get a problem...)

In the ..._ctrl() functions of the engines, a passed string
is only referenced and not copied.
This is bad if the buffer with the passed data is overwritten...

Since in the BIO interface passed string params are copied
to an internal (allocated) buffer (at least in the modules I
checked...), the ENGINE -interface should act the same way.

Please have a look at the attached patch...

Bye

Goetz

-- 
Goetz Babin-Ebell, TC TrustCenter AG, http://www.trustcenter.de
Sonninstr. 24-28, 20097 Hamburg, Germany
Tel.: +49-(0)40 80 80 26 -0,  Fax: +49-(0)40 80 80 26 -126
diff -r openssl-0.9.7-stable-SNAP-20020613/crypto/engine/eng_dyn.c 
openssl-0.9.7-stable-SNAP-20020613_new/crypto/engine/eng_dyn.c
159a160,163
>                 if (ctx->DYNAMIC_LIBNAME)
>                    OPENSSL_free((void*)(ctx->DYNAMIC_LIBNAME));
>                 if (ctx->engine_id)
>                    OPENSSL_free((void*)(ctx->engine_id));
172c176
<       if(!ctx)
---
>       if(!c)
313,314c317,323
<               ctx->DYNAMIC_LIBNAME = (const char *)p;
<               return 1;
---
>                 if (ctx->DYNAMIC_LIBNAME)
>                    OPENSSL_free((void*)(ctx->DYNAMIC_LIBNAME));
>                 if (p)
>                    ctx->DYNAMIC_LIBNAME = BUF_strdup(p);
>                 else
>                    ctx->DYNAMIC_LIBNAME = NULL;
>                 return ctx->DYNAMIC_LIBNAME != NULL ? 1 : 0;
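Review bot: The new DYNAMIC_LIBNAME handling frees the old string before `BUF_strdup(p)` is known to have succeeded, so an allocation failure leaves the field NULL and discards the previously configured library name; duplicating first and swapping only on success keeps the old value intact. The engine_id hunk that follows has the same ordering, as do the `set_*_LIBNAME()` helpers added in the hw_*.c files, where a failed set makes `get_*_LIBNAME()` hand the built-in default name to the next `DSO_load()` if the caller ignores the 0 return. A NULL `p` now also returns 0 where the old code returned 1, so a short comment stating that a reset is reported as failure would help callers. The enclosing switch case starts outside the hunk.

```c
		{
		char *copy = NULL;

		/* duplicate first so a failed allocation keeps the previous name */
		if (p != NULL && (copy = BUF_strdup((const char *)p)) == NULL)
			return 0;
		if (ctx->DYNAMIC_LIBNAME)
			OPENSSL_free((void*)(ctx->DYNAMIC_LIBNAME));
		ctx->DYNAMIC_LIBNAME = copy;
		/* a NULL p clears the name and is still reported as 0, as in the patch */
		return copy != NULL ? 1 : 0;
		}
```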
322,323c331,337
<               ctx->engine_id = (const char *)p;
<               return 1;
---
>                 if (ctx->engine_id)
>                    OPENSSL_free((void*)(ctx->engine_id));
>                 if (p)
>                    ctx->engine_id = BUF_strdup(p);
>                 else
>                    ctx->engine_id = NULL;
>                 return ctx->engine_id != NULL ? 1 : 0;
diff -r openssl-0.9.7-stable-SNAP-20020613/crypto/engine/hw_4758_cca.c 
openssl-0.9.7-stable-SNAP-20020613_new/crypto/engine/hw_4758_cca.c
127,128c127,147
< static const char def_CCA4758_LIB_NAME[] = CCA_LIB_NAME;
< static const char *CCA4758_LIB_NAME = def_CCA4758_LIB_NAME;
---
> static const char *CCA4758_LIB_NAME = NULL;
> static const char *get_CCA4758_LIB_NAME()
> {
>    if (CCA4758_LIB_NAME)
>       return CCA4758_LIB_NAME;
>    else
>       return CCA_LIB_NAME;
> }
> static void free_CCA4758_LIB_NAME()
> {
>    if (CCA4758_LIB_NAME)
>       OPENSSL_free((char*)CCA4758_LIB_NAME);
>    CCA4758_LIB_NAME = NULL;
> }
> static long set_CCA4758_LIB_NAME(const char *newName)
> {
>    if (CCA4758_LIB_NAME)
>       OPENSSL_free((char*)CCA4758_LIB_NAME);
>    return (CCA4758_LIB_NAME = BUF_strdup(newName)) != NULL ? 1 : 0;
> }
> 
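Review bot: `set_CCA4758_LIB_NAME()` repeats the free logic instead of calling `free_CCA4758_LIB_NAME()`, unlike the cswift, ncipher, nuron and ubsec setters in this patch, and the get and free helpers are declared with empty parameter lists. Writing `static const char *get_CCA4758_LIB_NAME(void)` and starting the setter with `free_CCA4758_LIB_NAME();` would make all the engines consistent; the same applies to hw_aep.c and hw_atalla.c. Since the pointer now owns heap memory, a comment on its declaration such as `/* owned copy set via ctrl; NULL means use CCA_LIB_NAME */` would document why it is freed and why the `const` is cast away. hw_aep.c gains `#include <openssl/buffer.h>` for `BUF_strdup`, but no such include is visible in this file's hunks, so confirm the header is already pulled in here.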
234a254
>         free_CCA4758_LIB_NAME();
246c266
<       dso = DSO_load(NULL, CCA4758_LIB_NAME , NULL, 0);
---
>       dso = DSO_load(NULL, get_CCA4758_LIB_NAME() , NULL, 0);
302c322,323
<       if(dso)
---
>       free_CCA4758_LIB_NAME();
>       if(!dso)
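Review bot: This hunk changes `if(dso)` to `if(!dso)` in the same edit that adds `free_CCA4758_LIB_NAME()`, which inverts the guard and is not covered by the string-copy description. It looks like a fix for a reversed check, but it should be called out in the message or split into its own change. The free is also placed before the guard, so the configured name is dropped even when `dso` turns out to be NULL. If this is the finish path (the function body is outside the hunk), a later re-init will pass the default `CCA_LIB_NAME` to `DSO_load()` rather than the name set through ctrl, and the same would hold for the `free_*_LIBNAME()` calls added in the other hw_*.c files. Freeing only on destroy, or a comment such as `/* library name must be set again before re-init */`, would make that explicit.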
322c343
<       return 1;
---
>         return 1;
343,344c364
<               CCA4758_LIB_NAME = (const char *)p;
<               return 1;
---
>               return set_CCA4758_LIB_NAME((const char*)p);
diff -r openssl-0.9.7-stable-SNAP-20020613/crypto/engine/hw_aep.c 
openssl-0.9.7-stable-SNAP-20020613_new/crypto/engine/hw_aep.c
73a74
> #include <openssl/buffer.h>
366c367,386
< static const char *AEP_LIBNAME = "aep";
---
> static const char *AEP_LIBNAME = NULL;
> static const char *get_AEP_LIBNAME()
> {
>    if (AEP_LIBNAME)
>       return AEP_LIBNAME;
>    else
>       return "aep";
> }
> static void free_AEP_LIBNAME()
> {
>    if (AEP_LIBNAME)
>       OPENSSL_free((char*)AEP_LIBNAME);
>    AEP_LIBNAME = NULL;
> }
> static long set_AEP_LIBNAME(const char *newName)
> {
>    if (AEP_LIBNAME)
>       OPENSSL_free((char*)AEP_LIBNAME);
>    return (AEP_LIBNAME = BUF_strdup(newName)) != NULL ? 1 : 0;
> }
415c435
<       aep_dso = DSO_load(NULL, AEP_LIBNAME, NULL, 0);
---
>       aep_dso = DSO_load(NULL, get_AEP_LIBNAME(), NULL, 0);
476a497
>       free_AEP_LIBNAME();
485a507
>       free_AEP_LIBNAME();
552,553c574
<               AEP_LIBNAME = (const char *)p;
<               return 1;
---
>               return set_AEP_LIBNAME((const char*)p);
diff -r openssl-0.9.7-stable-SNAP-20020613/crypto/engine/hw_atalla.c 
openssl-0.9.7-stable-SNAP-20020613_new/crypto/engine/hw_atalla.c
289,290c289,309
< static const char def_ATALLA_LIBNAME[] = "atasi";
< static const char *ATALLA_LIBNAME = def_ATALLA_LIBNAME;
---
> static const char *ATALLA_LIBNAME = NULL;
> static const char *get_ATALLA_LIBNAME()
> {
>    if (ATALLA_LIBNAME)
>       return ATALLA_LIBNAME;
>    else
>       return "atasi";
> }
> static void free_ATALLA_LIBNAME()
> {
>    if (ATALLA_LIBNAME)
>       OPENSSL_free((char*)ATALLA_LIBNAME);
>    ATALLA_LIBNAME = NULL;
> }
> static long set_ATALLA_LIBNAME(const char *newName)
> {
>    if (ATALLA_LIBNAME)
>       OPENSSL_free((char*)ATALLA_LIBNAME);
>    return (ATALLA_LIBNAME = BUF_strdup(newName) )!= NULL ? 1 : 0;
> }
> 
301a321
>       free_ATALLA_LIBNAME();
327c347
<       atalla_dso = DSO_load(NULL, ATALLA_LIBNAME, NULL, 0);
---
>       atalla_dso = DSO_load(NULL, get_ATALLA_LIBNAME(), NULL, 0);
366a387
>       free_ATALLA_LIBNAME();
400,401c421
<               ATALLA_LIBNAME = (const char *)p;
<               return 1;
---
>               return set_ATALLA_LIBNAME((const char *)p);
diff -r openssl-0.9.7-stable-SNAP-20020613/crypto/engine/hw_cswift.c 
openssl-0.9.7-stable-SNAP-20020613_new/crypto/engine/hw_cswift.c
283,284c283,302
< static const char def_CSWIFT_LIBNAME[] = "swift";
< static const char *CSWIFT_LIBNAME = def_CSWIFT_LIBNAME;
---
> static const char *CSWIFT_LIBNAME = NULL;
> static const char *get_CSWIFT_LIBNAME()
> {
>    if (CSWIFT_LIBNAME)
>       return CSWIFT_LIBNAME;
>    else
>       return "swift";
> }
> static void free_CSWIFT_LIBNAME()
> {
>    if (CSWIFT_LIBNAME)
>       OPENSSL_free((char*)CSWIFT_LIBNAME);
>    CSWIFT_LIBNAME = NULL;
> }
> static long set_CSWIFT_LIBNAME(const char *newName)
> {
>    free_CSWIFT_LIBNAME();
>    return (CSWIFT_LIBNAME = BUF_strdup(newName)) != NULL ? 1 : 0;
> }
> 
316a335
>       free_CSWIFT_LIBNAME();
335c354
<       cswift_dso = DSO_load(NULL, CSWIFT_LIBNAME, NULL, 0);
---
>       cswift_dso = DSO_load(NULL, get_CSWIFT_LIBNAME(), NULL, 0);
379a399
>       free_CSWIFT_LIBNAME();
414,415c434
<               CSWIFT_LIBNAME = (const char *)p;
<               return 1;
---
>               return set_CSWIFT_LIBNAME((const char*)p);
diff -r openssl-0.9.7-stable-SNAP-20020613/crypto/engine/hw_ncipher.c 
openssl-0.9.7-stable-SNAP-20020613_new/crypto/engine/hw_ncipher.c
425,426c425,444
< static const char def_HWCRHK_LIBNAME[] = "nfhwcrhk";
< static const char *HWCRHK_LIBNAME = def_HWCRHK_LIBNAME;
---
> static const char *HWCRHK_LIBNAME = NULL;
> static void free_HWCRHK_LIBNAME()
> {
>    if (HWCRHK_LIBNAME)
>       OPENSSL_free((char*)HWCRHK_LIBNAME);
>    HWCRHK_LIBNAME = NULL;
> }
> static const char *get_HWCRHK_LIBNAME()
> {
>    if (HWCRHK_LIBNAME)
>       return HWCRHK_LIBNAME;
>    else
>       return "nfhwcrhk";
> }
> static long set_HWCRHK_LIBNAME(const char *newName)
> {
>    free_HWCRHK_LIBNAME();
>    return (HWCRHK_LIBNAME = BUF_strdup(newName)) != NULL ? 1 : 0;
> }
> 
472a491
>       free_HWCRHK_LIBNAME();
497c516
<       hwcrhk_dso = DSO_load(NULL, HWCRHK_LIBNAME, NULL, 0);
---
>       hwcrhk_dso = DSO_load(NULL, get_HWCRHK_LIBNAME(), NULL, 0);
588a608
>       free_HWCRHK_LIBNAME();
637,638c657
<               HWCRHK_LIBNAME = (const char *)p;
<               return 1;
---
>               return set_HWCRHK_LIBNAME((const char*)p);
diff -r openssl-0.9.7-stable-SNAP-20020613/crypto/engine/hw_nuron.c 
openssl-0.9.7-stable-SNAP-20020613_new/crypto/engine/hw_nuron.c
72,73c72,91
< static const char def_NURON_LIBNAME[] = "nuronssl";
< static const char *NURON_LIBNAME = def_NURON_LIBNAME;
---
> static const char *NURON_LIBNAME = NULL;
> static const char *get_NURON_LIBNAME()
> {
>    if (NURON_LIBNAME)
>       return NURON_LIBNAME;
>    else
>       return "nuronssl";
> }
> static void free_NURON_LIBNAME()
> {
>    if (NURON_LIBNAME)
>       OPENSSL_free((char*)NURON_LIBNAME);
>    NURON_LIBNAME = NULL;
> }
> static long set_NURON_LIBNAME(const char *newName)
> {
>    free_NURON_LIBNAME();
>    return (NURON_LIBNAME = BUF_strdup(newName)) != NULL ? 1 : 0;
> }
> 
93a112
>       free_NURON_LIBNAME();
105c124
<       pvDSOHandle = DSO_load(NULL, NURON_LIBNAME, NULL,
---
>       pvDSOHandle = DSO_load(NULL, get_NURON_LIBNAME(), NULL,
124a144
>       free_NURON_LIBNAME();
156,157c176
<               NURON_LIBNAME = (const char *)p;
<               return 1;
---
>               return set_NURON_LIBNAME((const char *)p);
diff -r openssl-0.9.7-stable-SNAP-20020613/crypto/engine/hw_ubsec.c 
openssl-0.9.7-stable-SNAP-20020613_new/crypto/engine/hw_ubsec.c
307c307,326
< static const char *UBSEC_LIBNAME = "ubsec";
---
> static const char *UBSEC_LIBNAME = NULL;
> static const char *get_UBSEC_LIBNAME()
> {
>    if (UBSEC_LIBNAME)
>       return UBSEC_LIBNAME;
>    else
>       return "ubsec";
> }
> static void free_UBSEC_LIBNAME()
> {
>    if (UBSEC_LIBNAME)
>       OPENSSL_free((char*)UBSEC_LIBNAME);
>    UBSEC_LIBNAME = NULL;
> }
> static long set_UBSEC_LIBNAME(const char *newName)
> {
>    free_UBSEC_LIBNAME();
>    return (UBSEC_LIBNAME = BUF_strdup(newName)) != NULL ? 1 : 0;
> }
> 
331a351
>       free_UBSEC_LIBNAME();
367c387
<       ubsec_dso = DSO_load(NULL, UBSEC_LIBNAME, NULL, 0);
---
>       ubsec_dso = DSO_load(NULL, get_UBSEC_LIBNAME(), NULL, 0);
461a482
>       free_UBSEC_LIBNAME();
511,512c532
<               UBSEC_LIBNAME = (const char *)p;
<               return 1;
---
>               return set_UBSEC_LIBNAME((const char *)p);

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature
