PATCH: don't crash or fail in ASN1_print from crypto/asn1/t_pkey.c.
ASN1_print crashes if the BIO is NULL.
ASN1_print crashes if the label is NULL.
ASN1_print fails *if* the label is empty (i.e., "").
This patch fixes the three issues by validating the BIO pointer and
providing an alternate code path for an empty label. These uses are
now OK:
rc = ASN1_bn_print(NULL, NULL, bn, buffer, 0);
rc = ASN1_bn_print(bio, NULL, bn, buffer, 0);
rc = ASN1_bn_print(NULL, label, bn, buffer, 0);
rc = ASN1_bn_print(bio, "", bn, buffer, 0);
$ git diff crypto/asn1/t_pkey.c
diff --git a/crypto/asn1/t_pkey.c b/crypto/asn1/t_pkey.c
index 9dd18f6..78f857a 100644
--- a/crypto/asn1/t_pkey.c
+++ b/crypto/asn1/t_pkey.c
@@ -65,10 +65,12 @@
int ASN1_bn_print(BIO *bp, const char *number, const BIGNUM *num,
unsigned char *buf, int off)
{
- int n,i;
+ int n,i,l;
const char *neg;
+ if (bp == NULL) return(0);
if (num == NULL) return(1);
+ l = (number && *number != '\0') ? 1 : 0;
neg = (BN_is_negative(num))?"-":"";
if(!BIO_indent(bp,off,128))
return 0;
@@ -81,16 +83,34 @@ int ASN1_bn_print(BIO *bp, const char *number, const BIGNUM
if (BN_num_bytes(num) <= BN_BYTES)
{
- if (BIO_printf(bp,"%s %s%lu (%s0x%lx)\n",number,neg,
- (unsigned long)num->d[0],neg,(unsigned long)num->d[0])
- <= 0) return(0);
+ if(l)
+ {
+ if (BIO_printf(bp,"%s %s%lu (%s0x%lx)\n",number,neg,
+ (unsigned long)num->d[0],neg,(unsigned long)num-
+ <= 0) return(0);
+ }
+ else
+ {
+ if (BIO_printf(bp,"%s%lu (%s0x%lx)\n",neg,
+ (unsigned long)num->d[0],neg,(unsigned long)num-
+ <= 0) return(0);
+ }
}
else
{
buf[0]=0;
- if (BIO_printf(bp,"%s%s",number,
- (neg[0] == '-')?" (Negative)":"") <= 0)
- return(0);
+ if(l)
+ {
+ if (BIO_printf(bp,"%s%s",number,
+ (neg[0] == '-')?" (Negative)":"") <= 0)
+ return(0);
+ }
+ else
+ {
+ if (BIO_printf(bp,"%s",
+ (neg[0] == '-')?" (Negative)":"") < 0)
+ return(0);
+ }
n=BN_bn2bin(num,&buf[1]);
if (buf[1] & 0x80)
diff --git a/crypto/asn1/t_pkey.c b/crypto/asn1/t_pkey.c
index 9dd18f6..78f857a 100644
--- a/crypto/asn1/t_pkey.c
+++ b/crypto/asn1/t_pkey.c
@@ -65,10 +65,12 @@
int ASN1_bn_print(BIO *bp, const char *number, const BIGNUM *num,
unsigned char *buf, int off)
{
- int n,i;
+ int n,i,l;
const char *neg;
+ if (bp == NULL) return(0);
if (num == NULL) return(1);
+ l = (number && *number != '\0') ? 1 : 0;
neg = (BN_is_negative(num))?"-":"";
if(!BIO_indent(bp,off,128))
return 0;
@@ -81,16 +83,34 @@ int ASN1_bn_print(BIO *bp, const char *number, const BIGNUM
*num,
if (BN_num_bytes(num) <= BN_BYTES)
{
- if (BIO_printf(bp,"%s %s%lu (%s0x%lx)\n",number,neg,
- (unsigned long)num->d[0],neg,(unsigned long)num->d[0])
- <= 0) return(0);
+ if(l)
+ {
+ if (BIO_printf(bp,"%s %s%lu (%s0x%lx)\n",number,neg,
+ (unsigned long)num->d[0],neg,(unsigned
long)num->d[0])
+ <= 0) return(0);
+ }
+ else
+ {
+ if (BIO_printf(bp,"%s%lu (%s0x%lx)\n",neg,
+ (unsigned long)num->d[0],neg,(unsigned
long)num->d[0])
+ <= 0) return(0);
+ }
}
else
{
buf[0]=0;
- if (BIO_printf(bp,"%s%s",number,
- (neg[0] == '-')?" (Negative)":"") <= 0)
- return(0);
+ if(l)
+ {
+ if (BIO_printf(bp,"%s%s",number,
+ (neg[0] == '-')?" (Negative)":"") <= 0)
+ return(0);
+ }
+ else
+ {
+ if (BIO_printf(bp,"%s",
+ (neg[0] == '-')?" (Negative)":"") < 0)
+ return(0);
+ }
n=BN_bn2bin(num,&buf[1]);
if (buf[1] & 0x80)
