CVSROOT:        /cvs
Module name:    src
Changes by:     m...@cvs.openbsd.org    2015/07/15 10:45:24

Modified files:
        lib/libssl/src/crypto/ts: ts_rsp_verify.c 

Log message:
Do not allow TS_check_signer_name() with signer == NULL from
int_TS_RESP_verify_token(). Coverity CID 21710.

Looking further, int_TS_RESP_verify_token() will only initialize signer to
something non-NULL if TS_VFY_SIGNATURE is set in ctx->flags. But guess what?
TS_REQ_to_TS_VERIFY_CTX() in ts/ts_verify_ctx.c, which is the TS_VERIFY_CTX
constructor, explicitly clears this bit, with:
ret->flags = TS_VFY_ALL_IMPRINT & ~(TS_VFY_TSA_NAME | TS_VFY_SIGNATURE);
followed by more conditional flag clears.

Of course, nothing prevents the user from fiddling with ctx->flags afterwards. This
is exactly what ts.c in usr.bin/openssl does. This is gross, mistakes will
happen.

ok beck@
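
The flag dependency described in the log message, as an added example that is not part of the commit or of libssl: a simplified model in which the signer is only established by the signature step, and the name check refuses to run without one. All names, flag values and the reject-on-NULL behaviour are assumptions chosen for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Stand-in flag bits; values are constructed, not copied from ts.h. */
#define VFY_SIGNATURE 0x01u
#define VFY_TSA_NAME  0x02u

struct cert { const char *subject; };            /* stand-in for X509 */
struct verify_ctx { unsigned flags; const char *tsa_name; };

/* Stand-in signature check: *signer is set only when this step runs. */
static int verify_signature(const struct cert *from_token,
    const struct cert **signer)
{
	if (from_token == NULL)
		return 0;
	*signer = from_token;
	return 1;
}

/* Dereferences signer unconditionally; NULL here would crash. */
static int check_signer_name(const char *tsa_name, const struct cert *signer)
{
	return strcmp(tsa_name, signer->subject) == 0;
}

/* Returns 1 when every requested check passes, 0 otherwise. */
int verify_token(const struct verify_ctx *ctx, const struct cert *from_token)
{
	const struct cert *signer = NULL;

	if ((ctx->flags & VFY_SIGNATURE) &&
	    !verify_signature(from_token, &signer))
		return 0;
	if (ctx->flags & VFY_TSA_NAME) {
		if (signer == NULL)	/* name check asked for, no signer */
			return 0;
		if (!check_signer_name(ctx->tsa_name, signer))
			return 0;
	}
	return 1;
}

int main(void)
{
	struct cert c = { "tsa.example" };	/* constructed sample data */
	struct verify_ctx ctx = { VFY_TSA_NAME, "tsa.example" };
	printf("name check without signature check: %d\n", verify_token(&ctx, &c));
	return 0;
}
```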
