X509_VERIFY_PARAM_get0(): add check to defend on out-of-bound table access
authorDr. David von Oheimb <dev@ddvo.net>
Thu, 28 Aug 2025 16:33:06 +0000 (18:33 +0200)
committerDr. David von Oheimb <dev@ddvo.net>
Wed, 3 Sep 2025 15:47:00 +0000 (17:47 +0200)
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/28370)

(cherry picked from commit ceb45f64bde3d299c7ef529e5cd5372e4a421366)

crypto/x509/v3_purp.c
crypto/x509/x509_vpm.c

index 4688aaeea4125f13dcfc491ebae41c164c276d23..1db22047cf0f33844ce06ff9449ed30b95f84ff0 100644 (file)
@@ -186,7 +186,7 @@ int X509_PURPOSE_add(int id, int trust, int flags,
         return 0;
     }
     if (trust < X509_TRUST_DEFAULT || name == NULL || sname == NULL || ck == NULL) {
-        ERR_raise(ERR_LIB_X509, ERR_R_PASSED_INVALID_ARGUMENT);
+        ERR_raise(ERR_LIB_X509V3, ERR_R_PASSED_INVALID_ARGUMENT);
         return 0;
     }
 
index 6f1cfd9320ee95486d258b4cae515944e7dc535d..efe08ff683157948c4d217fdf9e6125a9b654487 100644 (file)
@@ -635,6 +635,11 @@ const X509_VERIFY_PARAM *X509_VERIFY_PARAM_get0(int id)
 {
     int num = OSSL_NELEM(default_table);
 
+    if (id < 0) {
+        ERR_raise(ERR_LIB_X509, ERR_R_PASSED_INVALID_ARGUMENT);
+        return NULL;
+    }
+
     if (id < num)
         return default_table + id;
     return sk_X509_VERIFY_PARAM_value(param_table, id - num);
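Review bot: The new `id < 0` guard raises ERR_R_PASSED_INVALID_ARGUMENT, but an id past the end of both tables still reaches `sk_X509_VERIFY_PARAM_value(param_table, id - num)`, which as far as I know returns NULL with nothing on the error queue, so the two out-of-range cases report differently to the caller. If that is intended, say so above the final return, e.g. `/* id beyond the last entry (or no param_table) yields NULL without raising an error */`; otherwise keep the result in a local and raise the same error when it is NULL. The file list shows no test change, so a case asserting NULL for a negative id and for an id equal to the total entry count would pin both bounds. The function's closing brace is outside the hunk.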