Fix for crashing INTEGERs, ENUMERATEDs and OBJECT IDENTIFIERs.
authorDr. Stephen Henson <steve@openssl.org>
Fri, 10 Dec 1999 13:46:48 +0000 (13:46 +0000)
committerDr. Stephen Henson <steve@openssl.org>
Fri, 10 Dec 1999 13:46:48 +0000 (13:46 +0000)
Also fix a memory leak in PKCS#7 routines.

CHANGES
crypto/asn1/a_enum.c
crypto/asn1/a_int.c
crypto/asn1/a_object.c
crypto/pkcs7/pk7_lib.c

diff --git a/CHANGES b/CHANGES
index 5e1883f..196e56d 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -4,6 +4,10 @@
 
  Changes between 0.9.4 and 0.9.5  [xx XXX 1999]
 
+  *) Some ASN1 types with illegal zero length encoding (INTEGER,
+     ENUMERATED and OBJECT IDENTIFIER) choked the ASN1 routines.
+     [Frans Heymans <fheymans@isaserver.be>, modified by Steve Henson]
+
   *) Merge in my S/MIME library for OpenSSL. This provides a simple
      S/MIME API on top of the PKCS#7 code, a MIME parser (with enough
      functionality to handle multipart/signed properly) and a utility
index 61349ed..38134f3 100644 (file)
@@ -177,7 +177,12 @@ ASN1_ENUMERATED *d2i_ASN1_ENUMERATED(ASN1_ENUMERATED **a, unsigned char **pp,
                goto err;
                }
        to=s;
-       if (*p & 0x80) /* a negative number */
+       if(!len) {
+               /* Strictly speaking this is an illegal ENUMERATED but we
+                * tolerate it.
+                */
+               ret->type=V_ASN1_INTEGER;
+       } else if (*p & 0x80) /* a negative number */
                {
                ret->type=V_ASN1_NEG_ENUMERATED;
                if ((*p == 0xff) && (len != 1)) {
index 7ed99eb..bcbdc7d 100644 (file)
@@ -202,7 +202,12 @@ ASN1_INTEGER *d2i_ASN1_INTEGER(ASN1_INTEGER **a, unsigned char **pp,
                goto err;
                }
        to=s;
-       if (*p & 0x80) /* a negative number */
+       if(!len) {
+               /* Strictly speaking this is an illegal INTEGER but we
+                * tolerate it.
+                */
+               ret->type=V_ASN1_INTEGER;
+       } else if (*p & 0x80) /* a negative number */
                {
                ret->type=V_ASN1_NEG_INTEGER;
                if ((*p == 0xff) && (len != 1)) {
@@ -301,7 +306,8 @@ ASN1_INTEGER *d2i_ASN1_UINTEGER(ASN1_INTEGER **a, unsigned char **pp,
                goto err;
                }
        to=s;
-               ret->type=V_ASN1_INTEGER;
+       ret->type=V_ASN1_INTEGER;
+       if(len) {
                if ((*p == 0) && (len != 1))
                        {
                        p++;
@@ -309,6 +315,7 @@ ASN1_INTEGER *d2i_ASN1_UINTEGER(ASN1_INTEGER **a, unsigned char **pp,
                        }
                memcpy(s,p,(int)len);
                p+=len;
+       }
 
        if (ret->data != NULL) Free((char *)ret->data);
        ret->data=s;
index b94b418..ab69b95 100644 (file)
@@ -223,7 +223,7 @@ ASN1_OBJECT *d2i_ASN1_OBJECT(ASN1_OBJECT **a, unsigned char **pp,
        if ((ret->data == NULL) || (ret->length < len))
                {
                if (ret->data != NULL) Free((char *)ret->data);
-               ret->data=(unsigned char *)Malloc((int)len);
+               ret->data=(unsigned char *)Malloc(len ? (int)len : 1);
                ret->flags|=ASN1_OBJECT_FLAG_DYNAMIC_DATA;
                if (ret->data == NULL)
                        { i=ERR_R_MALLOC_FAILURE; goto err; }
index 312a5ed..388a1d7 100644 (file)
@@ -123,7 +123,7 @@ int PKCS7_set_content(PKCS7 *p7, PKCS7 *p7_data)
                {
        case NID_pkcs7_signed:
                if (p7->d.sign->contents != NULL)
-                       PKCS7_content_free(p7->d.sign->contents);
+                       PKCS7_free(p7->d.sign->contents);
                p7->d.sign->contents=p7_data;
                break;
        case NID_pkcs7_digest: