git.ipfire.org Git - thirdparty/openssl.git/commit

author	Neil Horman <nhorman@openssl.org>
	Tue, 5 Dec 2023 20:24:20 +0000 (15:24 -0500)
committer	Neil Horman <nhorman@openssl.org>
	Wed, 13 Dec 2023 16:10:36 +0000 (11:10 -0500)
commit	a552c23c6502592c1b3c67d93dd7e5ffbe958aa4
tree	717952fda933b4314ddbc14b9322f3ed61ae4044	tree
parent	749fcc0e3ce796474a15d6fac221e57daeacff1e	commit \| diff

Harden asn1 oid loader to invalid inputs

In the event that a config file contains this sequence:
=======
openssl_conf = openssl_init

config_diagnostics = 1

[openssl_init]
oid_section = oids

[oids]
testoid1 = 1.2.3.4.1
testoid2 = A Very Long OID Name, 1.2.3.4.2
testoid3 = ,1.2.3.4.3
======

The leading comma in testoid3 can cause a heap buffer overflow, as the
parsing code will move the string pointer back 1 character, thereby
pointing to an invalid memory space

correct the parser to detect this condition and handle it by treating it
as if the comma doesn't exist (i.e. an empty long oid name)

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22957)

apps/asn1parse.c		diff \| blob \| blame \| history
crypto/asn1/asn_moid.c		diff \| blob \| blame \| history
test/recipes/04-test_asn1_parse.t	[new file with mode: 0644]	blob
test/test_asn1_parse.cnf	[new file with mode: 0644]	blob