[Pkg-openssl-changes] r370 - in openssl/branches/etch: crypto/asn1 debian
Kurt Roeckx
kroeckx at alioth.debian.org
Sat May 16 15:10:43 UTC 2009
Author: kroeckx
Date: 2009-05-16 15:10:43 +0000 (Sat, 16 May 2009)
New Revision: 370
Modified:
openssl/branches/etch/crypto/asn1/asn1.h
openssl/branches/etch/crypto/asn1/asn1_err.c
openssl/branches/etch/crypto/asn1/tasn_dec.c
openssl/branches/etch/debian/changelog
Log:
Properly validate the length of an encoded BMPString and UniversalString
(CVE-2009-0590)
Modified: openssl/branches/etch/crypto/asn1/asn1.h
===================================================================
--- openssl/branches/etch/crypto/asn1/asn1.h 2009-05-16 15:10:14 UTC (rev 369)
+++ openssl/branches/etch/crypto/asn1/asn1.h 2009-05-16 15:10:43 UTC (rev 370)
@@ -1134,6 +1134,7 @@
#define ASN1_R_BAD_OBJECT_HEADER 102
#define ASN1_R_BAD_PASSWORD_READ 103
#define ASN1_R_BAD_TAG 104
+#define ASN1_R_BMPSTRING_IS_WRONG_LENGTH 210
#define ASN1_R_BN_LIB 105
#define ASN1_R_BOOLEAN_IS_WRONG_LENGTH 106
#define ASN1_R_BUFFER_TOO_SMALL 107
@@ -1213,6 +1214,7 @@
#define ASN1_R_UNABLE_TO_DECODE_RSA_KEY 157
#define ASN1_R_UNABLE_TO_DECODE_RSA_PRIVATE_KEY 158
#define ASN1_R_UNEXPECTED_EOC 159
+#define ASN1_R_UNIVERSALSTRING_IS_WRONG_LENGTH 211
#define ASN1_R_UNKNOWN_FORMAT 160
#define ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM 161
#define ASN1_R_UNKNOWN_OBJECT_TYPE 162
Modified: openssl/branches/etch/crypto/asn1/asn1_err.c
===================================================================
--- openssl/branches/etch/crypto/asn1/asn1_err.c 2009-05-16 15:10:14 UTC (rev 369)
+++ openssl/branches/etch/crypto/asn1/asn1_err.c 2009-05-16 15:10:43 UTC (rev 370)
@@ -188,6 +188,7 @@
{ERR_REASON(ASN1_R_BAD_OBJECT_HEADER) ,"bad object header"},
{ERR_REASON(ASN1_R_BAD_PASSWORD_READ) ,"bad password read"},
{ERR_REASON(ASN1_R_BAD_TAG) ,"bad tag"},
+{ERR_REASON(ASN1_R_BMPSTRING_IS_WRONG_LENGTH),"bmpstring is wrong length"},
{ERR_REASON(ASN1_R_BN_LIB) ,"bn lib"},
{ERR_REASON(ASN1_R_BOOLEAN_IS_WRONG_LENGTH),"boolean is wrong length"},
{ERR_REASON(ASN1_R_BUFFER_TOO_SMALL) ,"buffer too small"},
@@ -267,6 +268,7 @@
{ERR_REASON(ASN1_R_UNABLE_TO_DECODE_RSA_KEY),"unable to decode rsa key"},
{ERR_REASON(ASN1_R_UNABLE_TO_DECODE_RSA_PRIVATE_KEY),"unable to decode rsa private key"},
{ERR_REASON(ASN1_R_UNEXPECTED_EOC) ,"unexpected eoc"},
+{ERR_REASON(ASN1_R_UNIVERSALSTRING_IS_WRONG_LENGTH),"universalstring is wrong length"},
{ERR_REASON(ASN1_R_UNKNOWN_FORMAT) ,"unknown format"},
{ERR_REASON(ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM),"unknown message digest algorithm"},
{ERR_REASON(ASN1_R_UNKNOWN_OBJECT_TYPE) ,"unknown object type"},
Modified: openssl/branches/etch/crypto/asn1/tasn_dec.c
===================================================================
--- openssl/branches/etch/crypto/asn1/tasn_dec.c 2009-05-16 15:10:14 UTC (rev 369)
+++ openssl/branches/etch/crypto/asn1/tasn_dec.c 2009-05-16 15:10:43 UTC (rev 370)
@@ -1014,6 +1014,18 @@
case V_ASN1_SET:
case V_ASN1_SEQUENCE:
default:
+ if (utype == V_ASN1_BMPSTRING && (len & 1))
+ {
+ ASN1err(ASN1_F_ASN1_EX_C2I,
+ ASN1_R_BMPSTRING_IS_WRONG_LENGTH);
+ goto err;
+ }
+ if (utype == V_ASN1_UNIVERSALSTRING && (len & 3))
+ {
+ ASN1err(ASN1_F_ASN1_EX_C2I,
+ ASN1_R_UNIVERSALSTRING_IS_WRONG_LENGTH);
+ goto err;
+ }
/* All based on ASN1_STRING and handled the same */
if (!*pval)
{
Modified: openssl/branches/etch/debian/changelog
===================================================================
--- openssl/branches/etch/debian/changelog 2009-05-16 15:10:14 UTC (rev 369)
+++ openssl/branches/etch/debian/changelog 2009-05-16 15:10:43 UTC (rev 370)
@@ -1,3 +1,10 @@
+openssl (0.9.8c-4etch5) oldstable-security; urgency=low
+
+ * Properly validate the length of an encoded BMPString and UniversalString
+ (CVE-2009-0590)
+
+ -- Kurt Roeckx <kurt at roeckx.be> Wed, 01 Apr 2009 21:49:42 +0200
+
openssl (0.9.8c-4etch4) stable-security; urgency=low
* Internal calls to didn't properly check for errors which
More information about the Pkg-openssl-changes
mailing list