openssl: avoid NULL pointer dereference in three places

There are three potential NULL pointer dereference in EVP_DigestInit_ex(), dh_pub_encode() and dsa_pub_encode() functions. Fix them by adding proper null pointer check. [YOCTO #4600] [ CQID: WIND00373257 ] (From OE-Core rev: 4779d3c89cf0129763a4f5b7306c1247a0d6d021) Signed-off-by: Xufeng Zhang <xufeng.zhang@windriver.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Xufeng Zhang <xufeng.zhang@windriver.com> 2013-08-22 11:12:28 +0800
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2013-08-26 11:47:17 +0100
commit: c82255d90b2d26c8affcbb81bfa4793033610de1 (patch)
tree: 52a20d31943f4cb7bb08389a4d98b276fd1bfc41
parent: b9f0fc6e983f492533fd9321183666d61f474a58 (diff)
download: poky-c82255d90b2d26c8affcbb81bfa4793033610de1.tar.gz
3 files changed, 62 insertions, 0 deletions
diff --git a/meta/recipes-connectivity/openssl/openssl-1.0.1e/openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch b/meta/recipes-connectivity/openssl/openssl-1.0.1e/openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch
new file mode 100644
index 0000000000..c161e62f62
--- /dev/null
+++ b/meta/recipes-connectivity/openssl/openssl-1.0.1e/openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch
@@ -0,0 +1,21 @@
+openssl: avoid NULL pointer dereference in EVP_DigestInit_ex()
+We should avoid accessing the type pointer if it's NULL,
+this could happen if ctx->digest is not NULL.
+Upstream-Status: Submitted
+http://www.mail-archive.com/openssl-dev@openssl.org/msg32860.html
+Signed-off-by: Xufeng Zhang <xufeng.zhang@windriver.com>
+---
+--- a/crypto/evp/digest.c
+++ b/crypto/evp/digest.c
+@@ -199,7 +199,7 @@
+                return 0;
+                }
+ #endif
+-       if (ctx->digest != type)
+       if (type && (ctx->digest != type))
+                {
+                if (ctx->digest && ctx->digest->ctx_size)
+                        OPENSSL_free(ctx->md_data);
diff --git a/meta/recipes-connectivity/openssl/openssl-1.0.1e/openssl-avoid-NULL-pointer-dereference-in-dh_pub_encode.patch b/meta/recipes-connectivity/openssl/openssl-1.0.1e/openssl-avoid-NULL-pointer-dereference-in-dh_pub_encode.patch
new file mode 100644
index 0000000000..3e93fe4e22
--- /dev/null
+++ b/meta/recipes-connectivity/openssl/openssl-1.0.1e/openssl-avoid-NULL-pointer-dereference-in-dh_pub_encode.patch
@@ -0,0 +1,39 @@
+openssl: avoid NULL pointer dereference in dh_pub_encode()/dsa_pub_encode()
+We should avoid accessing the pointer if ASN1_STRING_new()
+allocates memory failed.
+Upstream-Status: Submitted
+http://www.mail-archive.com/openssl-dev@openssl.org/msg32859.html
+Signed-off-by: Xufeng Zhang <xufeng.zhang@windriver.com>
+---
+--- a/crypto/dh/dh_ameth.c
+++ b/crypto/dh/dh_ameth.c
+@@ -139,6 +139,12 @@
+        dh=pkey->pkey.dh;
+ 
+        str = ASN1_STRING_new();
+       if (!str)
+               {
+               DHerr(DH_F_DH_PUB_ENCODE, ERR_R_MALLOC_FAILURE);
+               goto err;
+               }
+
+        str->length = i2d_DHparams(dh, &str->data);
+        if (str->length <= 0)
+                {
+--- a/crypto/dsa/dsa_ameth.c
+++ b/crypto/dsa/dsa_ameth.c
+@@ -148,6 +148,11 @@
+                {
+                ASN1_STRING *str;
+                str = ASN1_STRING_new();
+               if (!str)
+                       {
+                       DSAerr(DSA_F_DSA_PUB_ENCODE, ERR_R_MALLOC_FAILURE);
+                       goto err;
+                       }
+                str->length = i2d_DSAparams(dsa, &str->data);
+                if (str->length <= 0)
+                        {
diff --git a/meta/recipes-connectivity/openssl/openssl_1.0.1e.bb b/meta/recipes-connectivity/openssl/openssl_1.0.1e.bb
index bd6fd046a3..ac27dba494 100644
--- a/meta/recipes-connectivity/openssl/openssl_1.0.1e.bb
+++ b/meta/recipes-connectivity/openssl/openssl_1.0.1e.bb
@@ -31,6 +31,8 @@ SRC_URI += "file://configure-targets.patch \
            file://openssl_fix_for_x32.patch \
            file://openssl-fix-doc.patch \
            file://fix-cipher-des-ede3-cfb1.patch \
+            file://openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch \
+            file://openssl-avoid-NULL-pointer-dereference-in-dh_pub_encode.patch \
            file://find.pl \
           "
author	Xufeng Zhang <xufeng.zhang@windriver.com>	2013-08-22 11:12:28 +0800
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2013-08-26 11:47:17 +0100
commit	c82255d90b2d26c8affcbb81bfa4793033610de1 (patch)
tree	52a20d31943f4cb7bb08389a4d98b276fd1bfc41
parent	b9f0fc6e983f492533fd9321183666d61f474a58 (diff)
download	poky-c82255d90b2d26c8affcbb81bfa4793033610de1.tar.gz

diff --git a/meta/recipes-connectivity/openssl/openssl-1.0.1e/openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch b/meta/recipes-connectivity/openssl/openssl-1.0.1e/openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch new file mode 100644 index 0000000000..c161e62f62 --- /dev/null +++ b/meta/recipes-connectivity/openssl/openssl-1.0.1e/openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch
@@ -0,0 +1,21 @@
		1	openssl: avoid NULL pointer dereference in EVP_DigestInit_ex()
		2
		3	We should avoid accessing the type pointer if it's NULL,
		4	this could happen if ctx->digest is not NULL.
		5
		6	Upstream-Status: Submitted
		7	http://www.mail-archive.com/openssl-dev@openssl.org/msg32860.html
		8
		9	Signed-off-by: Xufeng Zhang <xufeng.zhang@windriver.com>
		10	---
		11	--- a/crypto/evp/digest.c
		12	+++ b/crypto/evp/digest.c
		13	@@ -199,7 +199,7 @@
		14	return 0;
		15	}
		16	#endif
		17	- if (ctx->digest != type)
		18	+ if (type && (ctx->digest != type))
		19	{
		20	if (ctx->digest && ctx->digest->ctx_size)
		21	OPENSSL_free(ctx->md_data);


diff --git a/meta/recipes-connectivity/openssl/openssl-1.0.1e/openssl-avoid-NULL-pointer-dereference-in-dh_pub_encode.patch b/meta/recipes-connectivity/openssl/openssl-1.0.1e/openssl-avoid-NULL-pointer-dereference-in-dh_pub_encode.patch new file mode 100644 index 0000000000..3e93fe4e22 --- /dev/null +++ b/meta/recipes-connectivity/openssl/openssl-1.0.1e/openssl-avoid-NULL-pointer-dereference-in-dh_pub_encode.patch
@@ -0,0 +1,39 @@
		1	openssl: avoid NULL pointer dereference in dh_pub_encode()/dsa_pub_encode()
		2
		3	We should avoid accessing the pointer if ASN1_STRING_new()
		4	allocates memory failed.
		5
		6	Upstream-Status: Submitted
		7	http://www.mail-archive.com/openssl-dev@openssl.org/msg32859.html
		8
		9	Signed-off-by: Xufeng Zhang <xufeng.zhang@windriver.com>
		10	---
		11	--- a/crypto/dh/dh_ameth.c
		12	+++ b/crypto/dh/dh_ameth.c
		13	@@ -139,6 +139,12 @@
		14	dh=pkey->pkey.dh;
		15
		16	str = ASN1_STRING_new();
		17	+ if (!str)
		18	+ {
		19	+ DHerr(DH_F_DH_PUB_ENCODE, ERR_R_MALLOC_FAILURE);
		20	+ goto err;
		21	+ }
		22	+
		23	str->length = i2d_DHparams(dh, &str->data);
		24	if (str->length <= 0)
		25	{
		26	--- a/crypto/dsa/dsa_ameth.c
		27	+++ b/crypto/dsa/dsa_ameth.c
		28	@@ -148,6 +148,11 @@
		29	{
		30	ASN1_STRING *str;
		31	str = ASN1_STRING_new();
		32	+ if (!str)
		33	+ {
		34	+ DSAerr(DSA_F_DSA_PUB_ENCODE, ERR_R_MALLOC_FAILURE);
		35	+ goto err;
		36	+ }
		37	str->length = i2d_DSAparams(dsa, &str->data);
		38	if (str->length <= 0)
		39	{


diff --git a/meta/recipes-connectivity/openssl/openssl_1.0.1e.bb b/meta/recipes-connectivity/openssl/openssl_1.0.1e.bb index bd6fd046a3..ac27dba494 100644 --- a/meta/recipes-connectivity/openssl/openssl_1.0.1e.bb +++ b/meta/recipes-connectivity/openssl/openssl_1.0.1e.bb
@@ -31,6 +31,8 @@ SRC_URI += "file://configure-targets.patch \
31	file://openssl_fix_for_x32.patch \	31	file://openssl_fix_for_x32.patch \
32	file://openssl-fix-doc.patch \	32	file://openssl-fix-doc.patch \
33	file://fix-cipher-des-ede3-cfb1.patch \	33	file://fix-cipher-des-ede3-cfb1.patch \
		34	file://openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch \
		35	file://openssl-avoid-NULL-pointer-dereference-in-dh_pub_encode.patch \
34	file://find.pl \	36	file://find.pl \
35	"	37	"
36		38