summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorXufeng Zhang <xufeng.zhang@windriver.com>2013-08-22 11:12:28 +0800
committerRichard Purdie <richard.purdie@linuxfoundation.org>2013-08-26 11:47:17 +0100
commitc82255d90b2d26c8affcbb81bfa4793033610de1 (patch)
tree52a20d31943f4cb7bb08389a4d98b276fd1bfc41
parentb9f0fc6e983f492533fd9321183666d61f474a58 (diff)
downloadpoky-c82255d90b2d26c8affcbb81bfa4793033610de1.tar.gz
openssl: avoid NULL pointer dereference in three places
There are three potential NULL pointer dereference in EVP_DigestInit_ex(), dh_pub_encode() and dsa_pub_encode() functions. Fix them by adding proper null pointer check. [YOCTO #4600] [ CQID: WIND00373257 ] (From OE-Core rev: 4779d3c89cf0129763a4f5b7306c1247a0d6d021) Signed-off-by: Xufeng Zhang <xufeng.zhang@windriver.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
-rw-r--r--meta/recipes-connectivity/openssl/openssl-1.0.1e/openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch21
-rw-r--r--meta/recipes-connectivity/openssl/openssl-1.0.1e/openssl-avoid-NULL-pointer-dereference-in-dh_pub_encode.patch39
-rw-r--r--meta/recipes-connectivity/openssl/openssl_1.0.1e.bb2
3 files changed, 62 insertions, 0 deletions
diff --git a/meta/recipes-connectivity/openssl/openssl-1.0.1e/openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch b/meta/recipes-connectivity/openssl/openssl-1.0.1e/openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch
new file mode 100644
index 0000000000..c161e62f62
--- /dev/null
+++ b/meta/recipes-connectivity/openssl/openssl-1.0.1e/openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch
@@ -0,0 +1,21 @@
1openssl: avoid NULL pointer dereference in EVP_DigestInit_ex()
2
3We should avoid accessing the type pointer if it's NULL,
4this could happen if ctx->digest is not NULL.
5
6Upstream-Status: Submitted
7http://www.mail-archive.com/openssl-dev@openssl.org/msg32860.html
8
9Signed-off-by: Xufeng Zhang <xufeng.zhang@windriver.com>
10---
11--- a/crypto/evp/digest.c
12+++ b/crypto/evp/digest.c
13@@ -199,7 +199,7 @@
14 return 0;
15 }
16 #endif
17- if (ctx->digest != type)
18+ if (type && (ctx->digest != type))
19 {
20 if (ctx->digest && ctx->digest->ctx_size)
21 OPENSSL_free(ctx->md_data);
diff --git a/meta/recipes-connectivity/openssl/openssl-1.0.1e/openssl-avoid-NULL-pointer-dereference-in-dh_pub_encode.patch b/meta/recipes-connectivity/openssl/openssl-1.0.1e/openssl-avoid-NULL-pointer-dereference-in-dh_pub_encode.patch
new file mode 100644
index 0000000000..3e93fe4e22
--- /dev/null
+++ b/meta/recipes-connectivity/openssl/openssl-1.0.1e/openssl-avoid-NULL-pointer-dereference-in-dh_pub_encode.patch
@@ -0,0 +1,39 @@
1openssl: avoid NULL pointer dereference in dh_pub_encode()/dsa_pub_encode()
2
3We should avoid accessing the pointer if ASN1_STRING_new()
4allocates memory failed.
5
6Upstream-Status: Submitted
7http://www.mail-archive.com/openssl-dev@openssl.org/msg32859.html
8
9Signed-off-by: Xufeng Zhang <xufeng.zhang@windriver.com>
10---
11--- a/crypto/dh/dh_ameth.c
12+++ b/crypto/dh/dh_ameth.c
13@@ -139,6 +139,12 @@
14 dh=pkey->pkey.dh;
15
16 str = ASN1_STRING_new();
17+ if (!str)
18+ {
19+ DHerr(DH_F_DH_PUB_ENCODE, ERR_R_MALLOC_FAILURE);
20+ goto err;
21+ }
22+
23 str->length = i2d_DHparams(dh, &str->data);
24 if (str->length <= 0)
25 {
26--- a/crypto/dsa/dsa_ameth.c
27+++ b/crypto/dsa/dsa_ameth.c
28@@ -148,6 +148,11 @@
29 {
30 ASN1_STRING *str;
31 str = ASN1_STRING_new();
32+ if (!str)
33+ {
34+ DSAerr(DSA_F_DSA_PUB_ENCODE, ERR_R_MALLOC_FAILURE);
35+ goto err;
36+ }
37 str->length = i2d_DSAparams(dsa, &str->data);
38 if (str->length <= 0)
39 {
diff --git a/meta/recipes-connectivity/openssl/openssl_1.0.1e.bb b/meta/recipes-connectivity/openssl/openssl_1.0.1e.bb
index bd6fd046a3..ac27dba494 100644
--- a/meta/recipes-connectivity/openssl/openssl_1.0.1e.bb
+++ b/meta/recipes-connectivity/openssl/openssl_1.0.1e.bb
@@ -31,6 +31,8 @@ SRC_URI += "file://configure-targets.patch \
31 file://openssl_fix_for_x32.patch \ 31 file://openssl_fix_for_x32.patch \
32 file://openssl-fix-doc.patch \ 32 file://openssl-fix-doc.patch \
33 file://fix-cipher-des-ede3-cfb1.patch \ 33 file://fix-cipher-des-ede3-cfb1.patch \
34 file://openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch \
35 file://openssl-avoid-NULL-pointer-dereference-in-dh_pub_encode.patch \
34 file://find.pl \ 36 file://find.pl \
35 " 37 "
36 38