From 83f70d68d6c3086241c041ba26786fd822179f2e Mon Sep 17 00:00:00 2001
From: "Mark J. Cox"
Date: Tue, 4 Nov 2003 11:30:40 +0000
Subject: [PATCH] Stop bug triggering large recursion when presented with certain ASN.1 tags (CAN-2003-0851)
---
CHANGES | 8 ++++++--
NEWS | 4 ++++
README | 2 +-
STATUS | 3 ++-
crypto/asn1/a_bytes.c | 13 +++++++------
crypto/opensslv.h | 4 ++--
openssl.spec | 2 +-
7 files changed, 23 insertions(+), 13 deletions(-)
diff --git a/CHANGES b/CHANGES
index 1d7e395b14..da33dfa0d9 100644
--- a/CHANGES
+++ b/CHANGES
@@ -2,9 +2,13 @@ OpenSSL CHANGES _______________ - Changes between 0.9.6k and 0.9.6l [xx XXX XXXX] + Changes between 0.9.6k and 0.9.6l [04 Nov 2003] - *) + *) Fix additional bug revealed by the NISCC test suite: + + Stop bug triggering large recursion when presented with + certain ASN.1 tags (CAN-2003-0851) + [Steve Henson] Changes between 0.9.6j and 0.9.6k [30 Sep 2003]
diff --git a/NEWS b/NEWS
index 611ffa5376..79dea2d72c 100644
--- a/NEWS
+++ b/NEWS
@@ -5,6 +5,10 @@ This file gives a brief overview of the major changes between each OpenSSL release. For more details please read the CHANGES file. + Major changes between OpenSSL 0.9.6k and OpenSSL 0.9.6l: + + o Security: fix ASN1 bug leading to large recursion + Major changes between OpenSSL 0.9.6j and OpenSSL 0.9.6k: o Security: fix various ASN1 parsing bugs.
diff --git a/README b/README
index 669facb8b0..fc681edfd2 100644
--- a/README
+++ b/README
@@ -1,5 +1,5 @@ - OpenSSL 0.9.6k 30 Sep 2003 + OpenSSL 0.9.6l 04 Nov 2003 Copyright (c) 1998-2003 The OpenSSL Project Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
diff --git a/STATUS b/STATUS
index f248b9d013..4594171b5b 100644
--- a/STATUS
+++ b/STATUS
@@ -1,6 +1,6 @@ OpenSSL STATUS Last modified at - ______________ $Date: 2003/09/30 12:09:11 $ + ______________ $Date: 2003/11/04 11:30:38 $ DEVELOPMENT STATE
@@ -9,6 +9,7 @@ o OpenSSL 0.9.7b: Released on April 10th, 2003 o OpenSSL 0.9.7a: Released on February 19th, 2003 o OpenSSL 0.9.7: Released on December 31st, 2002 + o OpenSSL 0.9.6l: Released on November 4th, 2003 o OpenSSL 0.9.6k: Released on September 30th, 2003 o OpenSSL 0.9.6j: Released on April 10th, 2003 o OpenSSL 0.9.6i: Released on February 19th, 2003
diff --git a/crypto/asn1/a_bytes.c b/crypto/asn1/a_bytes.c
index 3a0c0c7835..6595255cf8 100644
--- a/crypto/asn1/a_bytes.c
+++ b/crypto/asn1/a_bytes.c
@@ -201,7 +201,10 @@ ASN1_STRING *d2i_ASN1_bytes(ASN1_STRING **a, unsigned char **pp, long length, c.pp=pp; c.p=p; c.inf=inf; - c.slen=len; + if (inf & 1) + c.slen = length - (p - *pp); + else + c.slen=len; c.tag=Ptag; c.xclass=Pclass; c.max=(length == 0)?0:(p+length);
@@ -279,8 +282,7 @@ static int asn1_collate_primitive(ASN1_STRING *a, ASN1_CTX *c) { if (c->inf & 1) { - c->eos=ASN1_check_infinite_end(&c->p, - (long)(c->max-c->p)); + c->eos=ASN1_check_infinite_end(&c->p, c->slen); if (c->eos) break; } else
@@ -289,7 +291,7 @@ static int asn1_collate_primitive(ASN1_STRING *a, ASN1_CTX *c) } c->q=c->p; - if (d2i_ASN1_bytes(&os,&c->p,c->max-c->p,c->tag,c->xclass) + if (d2i_ASN1_bytes(&os,&c->p,c->slen,c->tag,c->xclass) == NULL) { c->error=ERR_R_ASN1_LIB;
@@ -302,8 +304,7 @@ static int asn1_collate_primitive(ASN1_STRING *a, ASN1_CTX *c) goto err; } memcpy(&(b.data[num]),os->data,os->length); - if (!(c->inf & 1)) - c->slen-=(c->p-c->q); + c->slen-=(c->p-c->q); num+=os->length; }
diff --git a/crypto/opensslv.h b/crypto/opensslv.h
index af820c6a42..e5a70060ad 100644
--- a/crypto/opensslv.h
+++ b/crypto/opensslv.h
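Review bot: In the first a_bytes.c hunk (d2i_ASN1_bytes) the unchanged line `c.max=(length == 0)?0:(p+length);` still derives the end bound from `p`, which the new `length - (p - *pp)` indicates has already advanced past the header, so `c.max` sits beyond the caller's buffer by the header size. The asn1_collate_primitive hunks stop reading `c->max` at the two places shown, but any use outside these hunks would still trust that stale bound; assuming nothing depends on the old value, I would change it to `c.max=(length == 0)?0:(*pp+length);` or at least add a comment that `c.slen` is now the authoritative limit for nested parsing. Separately, the mutual recursion between d2i_ASN1_bytes and asn1_collate_primitive is now bounded only by the remaining length, so nesting depth on untrusted input still grows with message size; an explicit depth cap would make the stack bound independent of input length. Both function bodies extend outside the hunks, so the loop's exit condition and its handling of a non-positive `c->slen` after the now-unconditional `c->slen-=(c->p-c->q);` could not be checked here.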
@@ -25,8 +25,8 @@ * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for * major minor fix final patch/beta) */ -#define OPENSSL_VERSION_NUMBER 0x009060c0L -#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.6l-dev xx XXX XXXX" +#define OPENSSL_VERSION_NUMBER 0x009060cfL +#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.6l 04 Nov 2003" #define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT
diff --git a/openssl.spec b/openssl.spec
index 8c1f863fcc..c93b917dfd 100644
--- a/openssl.spec
+++ b/openssl.spec
@@ -1,7 +1,7 @@ %define libmaj 0 %define libmin 9 %define librel 6 -%define librev k +%define librev l Release: 1 %define openssldir /var/ssl
--
2.25.1