When calling asn1parse -genconf with a nonexistent file this will cause
an access to an uninitialized variable.
Test:

    valgrind -q openssl asn1parse -genconf nonexistingfile

The reason is this code in asn1pars.c:

    conferr:
        if (errline > 0)
            BIO_printf(bio, "Error on line %ld of config file '%s'\n",
                       errline, genconf);
        else
            BIO_printf(bio, "Error loading config file '%s'\n", genconf);

It assumes that if errline wasn't set it's zero. While on most systems
it's true that uninitialized variables are zero, this is not something
that should be relied upon.
Pre-initializing the variable with zero fixes this. See patch (for
current git code) and valgrind output attached. Please apply.
diff --git a/apps/asn1pars.c b/apps/asn1pars.c
index 1576f1c..1cb4bcc 100644
--- a/apps/asn1pars.c
+++ b/apps/asn1pars.c
@@ -396,7 +396,7 @@ static int do_generate(BIO *bio, char *genstr, char *genconf, BUF_MEM *buf)
{
CONF *cnf = NULL;
int len;
- long errline;
+ long errline = 0;
unsigned char *p;
ASN1_TYPE *atyp = NULL;
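Review bot: at the `long errline = 0;` declaration, the value 0 now doubles as the "no line number reported" sentinel that the `if (errline > 0)` test at `conferr:` depends on, and nothing at the declaration says so. A one-line comment there would keep a later cleanup from dropping the initializer as redundant. The valgrind trace shows the variable is still unwritten after a failed open of the config file, so other callers that pass a line-number pointer to the same loader and then test it are worth checking for the same pattern.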
WARNING: can't open config file: /usr/local/ssl/openssl.cnf
==30382== Conditional jump or move depends on uninitialised value(s)
==30382== at 0x4073C5: do_generate (asn1pars.c:439)
==30382== by 0x4073C5: asn1parse_main (asn1pars.c:273)
==30382== by 0x405320: do_cmd (openssl.c:470)
==30382== by 0x404FEA: main (openssl.c:366)
==30382==
==30382== Conditional jump or move depends on uninitialised value(s)
==30382== at 0x528598: fmtint (b_print.c:479)
==30382== by 0x52A157: _dopr (b_print.c:374)
==30382== by 0x52A157: BIO_vprintf (b_print.c:774)
==30382== by 0x52AE63: BIO_printf (b_print.c:754)
==30382== by 0x4073DC: do_generate (asn1pars.c:440)
==30382== by 0x4073DC: asn1parse_main (asn1pars.c:273)
==30382== by 0x405320: do_cmd (openssl.c:470)
==30382== by 0x404FEA: main (openssl.c:366)
==30382==
==30382== Use of uninitialised value of size 8
==30382== at 0x52860C: fmtint (b_print.c:496)
==30382== by 0x52A157: _dopr (b_print.c:374)
==30382== by 0x52A157: BIO_vprintf (b_print.c:774)
==30382== by 0x52AE63: BIO_printf (b_print.c:754)
==30382== by 0x4073DC: do_generate (asn1pars.c:440)
==30382== by 0x4073DC: asn1parse_main (asn1pars.c:273)
==30382== by 0x405320: do_cmd (openssl.c:470)
==30382== by 0x404FEA: main (openssl.c:366)
==30382==
==30382== Conditional jump or move depends on uninitialised value(s)
==30382== at 0x528622: fmtint (b_print.c:499)
==30382== by 0x52A157: _dopr (b_print.c:374)
==30382== by 0x52A157: BIO_vprintf (b_print.c:774)
==30382== by 0x52AE63: BIO_printf (b_print.c:754)
==30382== by 0x4073DC: do_generate (asn1pars.c:440)
==30382== by 0x4073DC: asn1parse_main (asn1pars.c:273)
==30382== by 0x405320: do_cmd (openssl.c:470)
==30382== by 0x404FEA: main (openssl.c:366)
==30382==
Error on line 69349704 of config file 'nonexistentfile'
67417424:error:02001002:system library:fopen:No such file or directory:bss_file.c:168:fopen('nonexistentfile','rb')
67417424:error:2006D080:BIO routines:BIO_new_file:no such file:bss_file.c:171:
67417424:error:0E078072:configuration file routines:DEF_LOAD:no such file:conf_def.c:195:
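The out-parameter pattern behind this report, as an added example that is not part of the original message or of OpenSSL: a loader that writes the error line only when a line fails to parse, and a caller that stays well defined when the file cannot be opened. The names toy_conf_load and conf_error_message, the key=value file format and the loader's contract are assumptions made for illustration.

```c
/* Added example; toy_conf_load() and conf_error_message() are hypothetical. */
#include <stdio.h>
#include <string.h>

/* Returns 1 on success, 0 on failure. Assumed contract, modelled on the
 * report: *eline is written only when a specific line fails to parse and
 * is left untouched when the file cannot be opened. */
static int toy_conf_load(const char *path, long *eline)
{
    char line[256];
    long n = 0;
    FILE *fp = fopen(path, "r");
    if (fp == NULL)
        return 0;               /* early failure: *eline not written */
    while (fgets(line, sizeof(line), fp) != NULL) {
        n++;
        if (line[0] == '\n' || line[0] == '#')
            continue;           /* blank line or comment */
        if (strchr(line, '=') == NULL) {
            *eline = n;         /* parse failure: report the line */
            fclose(fp);
            return 0;
        }
    }
    fclose(fp);
    return 1;
}

/* Caller shaped like the conferr: block. Returns 1 if the file loaded,
 * otherwise 0 with the diagnostic written to msg. */
static int conf_error_message(const char *path, char *msg, size_t msglen)
{
    long errline = 0;           /* defined on every failure path */
    msg[0] = '\0';
    if (toy_conf_load(path, &errline))
        return 1;
    if (errline > 0)
        snprintf(msg, msglen, "Error on line %ld of config file '%s'", errline, path);
    else
        snprintf(msg, msglen, "Error loading config file '%s'", path);
    return 0;
}

int main(void)
{
    char msg[300];
    conf_error_message("nonexistentfile", msg, sizeof(msg));
    return puts(msg) == EOF;
}
```

Without the initializer in conf_error_message, the open-failure path would read an indeterminate errline, which is the condition valgrind flags in the trace above.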