diff options
author | Xufeng Zhang <xufeng.zhang@windriver.com> | 2013-08-22 11:12:28 +0800 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2013-08-26 11:26:01 +0100 |
commit | 4779d3c89cf0129763a4f5b7306c1247a0d6d021 (patch) | |
tree | 47eaafd26b3e343a602ed240132aca5cca8b83e9 /meta/recipes-connectivity/openssl | |
parent | d1e518b6942b945be7a4d44bc137a1441af8f837 (diff) | |
download | openembedded-core-4779d3c89cf0129763a4f5b7306c1247a0d6d021.tar.gz openembedded-core-4779d3c89cf0129763a4f5b7306c1247a0d6d021.tar.bz2 openembedded-core-4779d3c89cf0129763a4f5b7306c1247a0d6d021.zip |
openssl: avoid NULL pointer dereference in three places
There are three potential NULL pointer dereference in
EVP_DigestInit_ex(), dh_pub_encode() and dsa_pub_encode()
functions.
Fix them by adding proper null pointer check.
[YOCTO #4600]
[ CQID: WIND00373257 ]
Signed-off-by: Xufeng Zhang <xufeng.zhang@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Diffstat (limited to 'meta/recipes-connectivity/openssl')
3 files changed, 62 insertions, 0 deletions
diff --git a/meta/recipes-connectivity/openssl/openssl-1.0.1e/openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch b/meta/recipes-connectivity/openssl/openssl-1.0.1e/openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch new file mode 100644 index 0000000000..c161e62f62 --- /dev/null +++ b/meta/recipes-connectivity/openssl/openssl-1.0.1e/openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch @@ -0,0 +1,21 @@ +openssl: avoid NULL pointer dereference in EVP_DigestInit_ex() + +We should avoid accessing the type pointer if it's NULL, +this could happen if ctx->digest is not NULL. + +Upstream-Status: Submitted +http://www.mail-archive.com/openssl-dev@openssl.org/msg32860.html + +Signed-off-by: Xufeng Zhang <xufeng.zhang@windriver.com> +--- +--- a/crypto/evp/digest.c ++++ b/crypto/evp/digest.c +@@ -199,7 +199,7 @@ + return 0; + } + #endif +- if (ctx->digest != type) ++ if (type && (ctx->digest != type)) + { + if (ctx->digest && ctx->digest->ctx_size) + OPENSSL_free(ctx->md_data); diff --git a/meta/recipes-connectivity/openssl/openssl-1.0.1e/openssl-avoid-NULL-pointer-dereference-in-dh_pub_encode.patch b/meta/recipes-connectivity/openssl/openssl-1.0.1e/openssl-avoid-NULL-pointer-dereference-in-dh_pub_encode.patch new file mode 100644 index 0000000000..3e93fe4e22 --- /dev/null +++ b/meta/recipes-connectivity/openssl/openssl-1.0.1e/openssl-avoid-NULL-pointer-dereference-in-dh_pub_encode.patch @@ -0,0 +1,39 @@ +openssl: avoid NULL pointer dereference in dh_pub_encode()/dsa_pub_encode() + +We should avoid accessing the pointer if ASN1_STRING_new() +allocates memory failed. + +Upstream-Status: Submitted +http://www.mail-archive.com/openssl-dev@openssl.org/msg32859.html + +Signed-off-by: Xufeng Zhang <xufeng.zhang@windriver.com> +--- +--- a/crypto/dh/dh_ameth.c ++++ b/crypto/dh/dh_ameth.c +@@ -139,6 +139,12 @@ + dh=pkey->pkey.dh; + + str = ASN1_STRING_new(); ++ if (!str) ++ { ++ DHerr(DH_F_DH_PUB_ENCODE, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ + str->length = i2d_DHparams(dh, &str->data); + if (str->length <= 0) + { +--- a/crypto/dsa/dsa_ameth.c ++++ b/crypto/dsa/dsa_ameth.c +@@ -148,6 +148,11 @@ + { + ASN1_STRING *str; + str = ASN1_STRING_new(); ++ if (!str) ++ { ++ DSAerr(DSA_F_DSA_PUB_ENCODE, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } + str->length = i2d_DSAparams(dsa, &str->data); + if (str->length <= 0) + { diff --git a/meta/recipes-connectivity/openssl/openssl_1.0.1e.bb b/meta/recipes-connectivity/openssl/openssl_1.0.1e.bb index bd6fd046a3..ac27dba494 100644 --- a/meta/recipes-connectivity/openssl/openssl_1.0.1e.bb +++ b/meta/recipes-connectivity/openssl/openssl_1.0.1e.bb @@ -31,6 +31,8 @@ SRC_URI += "file://configure-targets.patch \ file://openssl_fix_for_x32.patch \ file://openssl-fix-doc.patch \ file://fix-cipher-des-ede3-cfb1.patch \ + file://openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch \ + file://openssl-avoid-NULL-pointer-dereference-in-dh_pub_encode.patch \ file://find.pl \ " |