From: Mark Andrews
Date: Wed, 31 Jul 2002 07:20:36 +0000 (+0000)
Subject: 1347. [bug] Incorporate OpenSSL fixes for CERT Advisory CA-2002-23
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=591207b37ecab666b601183330c1e60699535293;p=thirdparty%2Fbind9.git
1347. [bug] Incorporate OpenSSL fixes for CERT Advisory CA-2002-23 http://www.cert.org/advisories/CA-2002-23.html
---
diff --git a/CHANGES b/CHANGES
index 6a1735f93e7..8c7c282a68d 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,6 @@
+1347. [bug] Incorporate OpenSSL fixes for CERT Advisory CA-2002-23
+ http://www.cert.org/advisories/CA-2002-23.html
+
 1156. [port] The configure test for strsep() incorrectly succeeded on certain patched versions of AIX 4.3.3. [RT #2190]
diff --git a/lib/dns/sec/openssl/asn1_lib.c b/lib/dns/sec/openssl/asn1_lib.c
index ada754b6e90..1ba90727477 100644
--- a/lib/dns/sec/openssl/asn1_lib.c
+++ b/lib/dns/sec/openssl/asn1_lib.c
@@ -127,15 +127,13 @@ int ASN1_get_object(unsigned char **pp, long *plength, int *ptag, int *pclass,
 (int)(omax+ *pp)); #endif
-#if 0
- if ((p+ *plength) > (omax+ *pp))
+ if (*plength > (omax - (*pp - p)))
 { ASN1err(ASN1_F_ASN1_GET_OBJECT,ASN1_R_TOO_LONG); /* Set this so that even if things are not long enough * the values are set correctly */ ret|=0x80; }
-#endif
 *pp=p; return(ret|inf); err:
@@ -162,6 +160,8 @@ static int asn1_get_length(unsigned char **pp, int *inf, long *rl, int max)
 i= *p&0x7f; if (*(p++) & 0x80) {
+ if (i > sizeof(long))
+ return 0;
 if (max-- == 0) return(0); while (i-- > 0) {
@@ -173,6 +173,8 @@ static int asn1_get_length(unsigned char **pp, int *inf, long *rl, int max)
 else ret=i; }
+ if (ret < 0)
+ return 0;
 *pp=p; *rl=ret; return(1);
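Review bot: The re-enabled bound `if (*plength > (omax - (*pp - p)))` in ASN1_get_object is not the same test as the disabled one it replaces: `(p+ *plength) > (omax+ *pp)` rearranges to `*plength > omax - (p - *pp)`, with the operands of the pointer subtraction the other way round. Since `p` appears to be the cursor that has already moved past the tag and length octets (it is stored back with `*pp=p` just below), `*pp - p` would be negative and the new form would accept a length larger than the input that remains. I would write it as `if (*plength > (omax - (p - *pp)))`. The start of the function, including how `omax` and `p` are initialised, is outside the hunk, so this needs confirming against the full body.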
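Review bot: The cap `if (i > sizeof(long))` in asn1_get_length still lets a length field occupy every byte of a `long`, so the top bit can end up set, and the only defence is the `if (ret < 0)` added in the following hunk (@@ -173,6 +173,8 @@). If `ret` is a signed `long` (its declaration is outside both hunks), shifting a value into the sign bit is undefined behaviour in C, so the later sign test is not something the compiler is obliged to preserve. Accumulating in an `unsigned long` and rejecting with `if (ret > LONG_MAX) return 0;` before the store to `*rl` gives the same rejection without depending on overflow. The comparison of `i` with a `size_t` is safe only because `i` was just masked with `0x7f`, which deserves a short comment such as `/* i is 0..127 here, so the unsigned comparison is exact */`.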
@@ -407,7 +409,7 @@ int ASN1_STRING_cmp(ASN1_STRING *a, ASN1_STRING *b)
 void asn1_add_error(unsigned char *address, int offset) {
- char buf1[16],buf2[16];
+ char buf1[DECIMAL_SIZE(address)+1],buf2[DECIMAL_SIZE(offset)+1];
 sprintf(buf1,"%lu",(unsigned long)address); sprintf(buf2,"%d",offset);
diff --git a/lib/dns/sec/openssl/cryptlib.c b/lib/dns/sec/openssl/cryptlib.c
index 7b93025cf2e..3666322ff29 100644
--- a/lib/dns/sec/openssl/cryptlib.c
+++ b/lib/dns/sec/openssl/cryptlib.c
@@ -303,3 +303,11 @@ BOOL WINAPI DLLEntryPoint(HINSTANCE hinstDLL, DWORD fdwReason,
 #endif #endif
+
+void OpenSSLDie(const char *file,int line,const char *assertion)
+ {
+ fprintf(stderr,"%s(%d): OpenSSL internal error, assertion failed: %s\n",
+ file,line,assertion);
+ abort();
+ }
+
diff --git a/lib/dns/sec/openssl/cryptlib.h b/lib/dns/sec/openssl/cryptlib.h
index 33be64edc6b..d26a244a498 100644
--- a/lib/dns/sec/openssl/cryptlib.h
+++ b/lib/dns/sec/openssl/cryptlib.h
@@ -89,6 +89,14 @@ extern "C" {
 #define X509_CERT_DIR_EVP "SSL_CERT_DIR" #define X509_CERT_FILE_EVP "SSL_CERT_FILE"
+/* size of string represenations */
+#define DECIMAL_SIZE(type) ((sizeof(type)*8+2)/3+1)
+#define HEX_SIZE(type) ((sizeof(type)*2)
+
+/* die if we have to */
+void OpenSSLDie(const char *file,int line,const char *assertion);
+#define die(e) ((e) ? (void)0 : OpenSSLDie(__FILE__, __LINE__, #e))
+
 #ifdef __cplusplus } #endif
diff --git a/lib/dns/sec/openssl/obj_dat.c b/lib/dns/sec/openssl/obj_dat.c
index ea07c065bd8..7b628b0fa7a 100644
--- a/lib/dns/sec/openssl/obj_dat.c
+++ b/lib/dns/sec/openssl/obj_dat.c
@@ -423,7 +423,7 @@ int OBJ_obj2txt(char *buf, int buf_len, ASN1_OBJECT *a, int no_name)
 unsigned long l; unsigned char *p; const char *s;
- char tbuf[32];
+ char tbuf[DECIMAL_SIZE(i)+DECIMAL_SIZE(l)+2];
 if (buf_len <= 0) return(0);
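Review bot: In asn1_add_error, `buf1` is sized from `address`, a pointer, while the value `sprintf` writes into it is `(unsigned long)address`, so the bound is derived from a different type than the one being formatted. It holds today because the converted value never has more digits than the pointer width allows, but sizing from the printed type states the intent directly: `char buf1[DECIMAL_SIZE(unsigned long)+1],buf2[DECIMAL_SIZE(int)+1];`. Both `sprintf` calls remain unbounded, so a comment saying what the extra `+1` is reserved for (DECIMAL_SIZE already adds one) and that the sizes must follow the format strings would protect later edits. The remainder of the function is outside the hunk.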
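Review bot: OpenSSLDie is added without a comment stating that it never returns and that it ends the whole process with `abort()`, which matters because this copy of the library sits under lib/dns and appears to be linked into the name server. Any `die()` condition that input from the network can make false becomes a denial of service, and a daemon may have closed or redirected stderr, so the diagnostic can be lost. I would put above the definition `/* Report a failed internal invariant on stderr and abort(); never returns. Use only for conditions that earlier input validation already guarantees. */`, and consider routing the message through the server's own logging.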
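Review bot: `HEX_SIZE` in cryptlib.h has unbalanced parentheses: `((sizeof(type)*2)` opens three and closes two, so the first translation unit that expands it will fail to compile (none of the hunks shown here use it, which would explain why it went unnoticed). It should read `#define HEX_SIZE(type) (sizeof(type)*2)`. Separately, `die` is a very common identifier to define as a macro in a shared header and can collide with a function of that name in code that includes this file; a prefixed name would be safer. The comment over the macros could also state that DECIMAL_SIZE is an upper bound on the digit count and whether it already covers a sign and the terminating NUL.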
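Review bot: The new size `DECIMAL_SIZE(i)+DECIMAL_SIZE(l)+2` for `tbuf` in OBJ_obj2txt encodes an assumption about what is later formatted into the buffer (presumably one `int`, a separator and one `unsigned long`), but neither the declaration of `i` nor any write to `tbuf` is inside the hunk. Every write to `tbuf` in the function should be checked against this bound, and the assumption recorded beside the declaration, for example `/* sized for one int, one separator, one unsigned long and NUL; keep in step with the writes to tbuf */`. Without that comment a later change to a format string can silently outgrow the array.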