Don't try and verify signatures if key is NULL (CVE-2013-0166)

author Dr. Stephen Henson <steve@openssl.org>

Thu, 24 Jan 2013 13:30:42 +0000 (13:30 +0000)

committer Dr. Stephen Henson <steve@openssl.org>

Tue, 5 Feb 2013 16:50:31 +0000 (16:50 +0000)
author Dr. Stephen Henson <steve@openssl.org>
Thu, 24 Jan 2013 13:30:42 +0000 (13:30 +0000)
committer Dr. Stephen Henson <steve@openssl.org>
Tue, 5 Feb 2013 16:50:31 +0000 (16:50 +0000)
diff --git a/CHANGES b/CHANGES

index 199e70fc72f29d07a97ba3722f0889746fb147a3..8adac3b6d415b380497c39c7ccdbfbbda06d183f 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -4,6 +4,10 @@
  
   Changes between 0.9.8x and 0.9.8y [xx XXX xxxx]
  
+  *) Return an error when checking OCSP signatures when key is NULL.
+     This fixes a DoS attack. (CVE-2013-0166)
+     [Steve Henson]
+
    *) Call OCSP Stapling callback after ciphersuite has been chosen, so
       the right response is stapled. Also change SSL_get_certificate()
       so it returns the certificate actually sent.
diff --git a/crypto/asn1/a_verify.c b/crypto/asn1/a_verify.c

index da3efaaf8de524d0aea44ed505182109076a164f..7ded69b170f665825ee1d58135c12862c756f5f2 100644 (file)
--- a/crypto/asn1/a_verify.c
+++ b/crypto/asn1/a_verify.c
@@ -138,6 +138,12 @@ int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a, ASN1_BIT_STRING *signat
         unsigned char *buf_in=NULL;
         int ret= -1,i,inl;
  
+       if (!pkey)
+               {
+               ASN1err(ASN1_F_ASN1_ITEM_VERIFY, ERR_R_PASSED_NULL_PARAMETER);
+               return -1;
+               }
+
         EVP_MD_CTX_init(&ctx);
         i=OBJ_obj2nid(a->algorithm);
         type=EVP_get_digestbyname(OBJ_nid2sn(i));
diff --git a/crypto/ocsp/ocsp_vfy.c b/crypto/ocsp/ocsp_vfy.c

index d3b446c5f96e3c189d7a155e13a63ed2a7df3c2e..f24080fa0edaa8ddd631f24e72188abce98f14ff 100644 (file)
--- a/crypto/ocsp/ocsp_vfy.c
+++ b/crypto/ocsp/ocsp_vfy.c
@@ -91,9 +91,12 @@ int OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs,
                 {
                 EVP_PKEY *skey;
                 skey = X509_get_pubkey(signer);
-               ret = OCSP_BASICRESP_verify(bs, skey, 0);
-               EVP_PKEY_free(skey);
-               if(ret <= 0)
+               if (skey)
+                       {
+                       ret = OCSP_BASICRESP_verify(bs, skey, 0);
+                       EVP_PKEY_free(skey);
+                       }
+               if(!skey || ret <= 0)
                         {
                         OCSPerr(OCSP_F_OCSP_BASIC_VERIFY, OCSP_R_SIGNATURE_FAILURE);
                         goto end;
author	Dr. Stephen Henson <steve@openssl.org>
	Thu, 24 Jan 2013 13:30:42 +0000 (13:30 +0000)
committer	Dr. Stephen Henson <steve@openssl.org>
	Tue, 5 Feb 2013 16:50:31 +0000 (16:50 +0000)
CHANGES		patch \| blob \| history
crypto/asn1/a_verify.c		patch \| blob \| history
crypto/ocsp/ocsp_vfy.c		patch \| blob \| history