In reviewing code in directory 'crypto/asn1', file 'asn_moid.c', in
function 'do_create()', there is a call to 'OBJ_nid2obj()' which is
not checked for a return value of NULL.
The patch file below adds the check and returns 0 if NULL is returned:
--- asn_moid.c.orig 2016-03-06 17:09:03.019903938 -0800
+++ asn_moid.c 2016-03-06 17:09:41.778829998 -0800
@@ -146,6 +146,8 @@
memcpy(lntmp, ln, p - ln);
lntmp[p - ln] = 0;
oid = OBJ_nid2obj(nid);
+ if (oid == NULL)
+ return 0;
oid->ln = lntmp;
}
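Review bot: The added `return 0` on the `oid == NULL` path appears to leak `lntmp`, because the context lines just above fill and terminate that buffer and ownership only passes to `oid->ln` after the check. The allocation of `lntmp` is outside the hunk, so confirm it is heap memory owned by do_create(). If it is, release it before returning, e.g. `if (oid == NULL) { OPENSSL_free(lntmp); return 0; }`. The function body starts and ends outside the hunk.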
===
In reviewing code in directory 'crypto/asn1', file 'p5_pbev2.c', in
functions 'PKCS5_pbe2_set_iv()' and 'PKCS5_pbkdf2_set()', there are calls
to 'OBJ_nid2obj()' which are not checked for a return value of NULL.
The patch file below adds the check and goes to merr: if NULL is returned:
--- p5_pbev2.c.orig 2016-03-06 17:21:56.612223544 -0800
+++ p5_pbev2.c 2016-03-06 17:23:25.049463462 -0800
@@ -105,6 +105,8 @@
goto err;
}
obj = OBJ_nid2obj(alg_nid);
+if (obj == NULL)
+ goto merr;
if (!(pbe2 = PBE2PARAM_new()))
goto merr;
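Review bot: The new `goto merr` after `obj = OBJ_nid2obj(alg_nid)` probably reports the wrong cause. The label name and the separate `goto err` in the context above suggest `merr` is the allocation-failure path, and a NULL from OBJ_nid2obj() for an unknown NID is not an out-of-memory condition. The label is outside the hunk, so this needs confirming. The same applies to the `ret->algorithm` and `keyfunc->algorithm` checks in the two later hunks of this file. If `merr` does record a malloc failure, use `goto err;` here, with a specific error code if the project has one, so the error queue does not mislead whoever diagnoses the failure. The third hunk also writes `if (!keyfunc->algorithm)` where the other two use `== NULL`; pick one form.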
@@ -169,6 +171,8 @@
goto merr;
ret->algorithm = OBJ_nid2obj(NID_pbes2);
+if (ret->algorithm == NULL)
+ goto merr;
/* Encode PBE2PARAM into parameter */
@@ -258,6 +262,8 @@
goto merr;
keyfunc->algorithm = OBJ_nid2obj(NID_id_pbkdf2);
+if (!keyfunc->algorithm)
+ goto merr;
/* Encode PBKDF2PARAM into parameter of pbe2 */
===
In reviewing code in directory 'crypto/asn1', file 'x_attrib.c', in
function 'X509_ATTRIBUTE_create()' there is a call to 'OBJ_nid2obj()'
which is not checked for a return value of NULL.
The patch file below adds the check and goes to err: if NULL is returned:
--- x_attrib.c.orig 2016-03-06 17:35:12.565385098 -0800
+++ x_attrib.c 2016-03-06 17:37:35.383536550 -0800
@@ -105,6 +105,8 @@
if ((ret = X509_ATTRIBUTE_new()) == NULL)
return (NULL);
ret->object = OBJ_nid2obj(nid);
+if (ret->object == NULL)
+ goto err;
ret->single = 0;
if ((ret->value.set = sk_ASN1_TYPE_new_null()) == NULL)
goto err;
===
In reviewing code in directory 'crypto/asn1', file 'tasn_new.c', in
function 'ASN1_primitive_new()' there is a call to 'OBJ_nid2obj()'
which is not checked for a return value of NULL.
The patch file below adds the check and returns 0 if NULL is returned:
--- tasn_new.c.orig 2016-03-06 17:39:25.320508974 -0800
+++ tasn_new.c 2016-03-06 17:40:31.614934655 -0800
@@ -328,6 +328,8 @@
switch (utype) {
case V_ASN1_OBJECT:
*pval = (ASN1_VALUE *)OBJ_nid2obj(NID_undef);
+ if (!pval)
+ return 0;
return 1;
case V_ASN1_BOOLEAN:
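Review bot: The added test `if (!pval)` checks the wrong pointer. `pval` was already dereferenced by the assignment on the line above, so the test cannot detect a NULL result from OBJ_nid2obj(), and the function still returns 1 with `*pval` set to NULL. Test the stored value instead: `if (*pval == NULL) return 0;`. The switch and the enclosing function continue outside the hunk.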
===
Bill Parker (wp02855 at gmail dot com)
--
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4381