Diffstat (limited to 'src/crypto/x509/x509_vpm.c')
-rw-r--r-- | src/crypto/x509/x509_vpm.c | 70 |
1 files changed, 42 insertions, 28 deletions
diff --git a/src/crypto/x509/x509_vpm.c b/src/crypto/x509/x509_vpm.c
index 0b03361e..43353c6b 100644
--- a/src/crypto/x509/x509_vpm.c
+++ b/src/crypto/x509/x509_vpm.c
@@ -89,12 +89,9 @@ static int int_x509_param_set_hosts(X509_VERIFY_PARAM_ID *id, int mode,
 {
 char *copy;
- // This is an OpenSSL quirk that BoringSSL typically doesn't support.
- // However, we didn't make this a fatal error at the time, which was a
- // mistake. Because of that, given the risk that someone could assume the
- // OpenSSL semantics from BoringSSL, it's supported in this case.
- if (name != NULL && namelen == 0) {
- namelen = strlen(name);
+ if (name == NULL || namelen == 0) {
+ // Unlike OpenSSL, we reject trying to set or add an empty name.
+ return 0;
 }
 /*
@@ -108,8 +105,6 @@ static int int_x509_param_set_hosts(X509_VERIFY_PARAM_ID *id, int mode,
 string_stack_free(id->hosts);
 id->hosts = NULL;
 }
- if (name == NULL || namelen == 0)
- return 1;
 copy = BUF_strndup(name, namelen);
 if (copy == NULL)
@@ -170,7 +165,7 @@ static void x509_verify_param_zero(X509_VERIFY_PARAM *param)
 paramid->ip = NULL;
 paramid->iplen = 0;
 }
-
+ paramid->poison = 0;
 }
 X509_VERIFY_PARAM *X509_VERIFY_PARAM_new(void)
@@ -324,6 +319,8 @@ int X509_VERIFY_PARAM_inherit(X509_VERIFY_PARAM *dest,
 return 0;
 }
+ dest->id->poison = src->id->poison;
+
 return 1;
 }
@@ -342,18 +339,17 @@ static int int_x509_param_set1(char **pdest, size_t *pdestlen, const char *src,
 size_t srclen)
 {
 void *tmp;
- if (src) {
- if (srclen == 0) {
- tmp = BUF_strdup(src);
- srclen = strlen(src);
- } else
- tmp = BUF_memdup(src, srclen);
- if (!tmp)
- return 0;
- } else {
- tmp = NULL;
- srclen = 0;
+ if (src == NULL || srclen == 0) {
+ // Unlike OpenSSL, we do not allow an empty string to disable previously
+ // configured checks.
+ return 0;
+ }
+
+ tmp = BUF_memdup(src, srclen);
+ if (!tmp) {
+ return 0;
 }
+
 if (*pdest)
 OPENSSL_free(*pdest);
 *pdest = tmp;
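Review bot: `dest->id->poison = src->id->poison;` in X509_VERIFY_PARAM_inherit overwrites dest's flag instead of combining it, so a dest that was already poisoned by a failed X509_VERIFY_PARAM_set1_host/set1_email/set1_ip call is un-poisoned as soon as it inherits from a clean src (the default parameter set, for example), and the earlier setter failure is lost at verification time. If the poison bit is meant to be sticky for the lifetime of the parameter set, the copy should be `dest->id->poison |= src->id->poison;` (or `if (src->id->poison) dest->id->poison = 1;`). The rest of X509_VERIFY_PARAM_inherit, including how it treats dest's other id fields, is outside the hunk, so if inherit is documented to fully replace dest's identity fields the plain assignment may be intentional and deserves a comment saying so.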
@@ -462,13 +458,21 @@ int X509_VERIFY_PARAM_set1_policies(X509_VERIFY_PARAM *param,
 int X509_VERIFY_PARAM_set1_host(X509_VERIFY_PARAM *param, const char *name,
 size_t namelen)
 {
- return int_x509_param_set_hosts(param->id, SET_HOST, name, namelen);
+ if (!int_x509_param_set_hosts(param->id, SET_HOST, name, namelen)) {
+ param->id->poison = 1;
+ return 0;
+ }
+ return 1;
 }
 int X509_VERIFY_PARAM_add1_host(X509_VERIFY_PARAM *param, const char *name,
 size_t namelen)
 {
- return int_x509_param_set_hosts(param->id, ADD_HOST, name, namelen);
+ if (!int_x509_param_set_hosts(param->id, ADD_HOST, name, namelen)) {
+ param->id->poison = 1;
+ return 0;
+ }
+ return 1;
 }
 void X509_VERIFY_PARAM_set_hostflags(X509_VERIFY_PARAM *param,
@@ -485,17 +489,27 @@ char *X509_VERIFY_PARAM_get0_peername(X509_VERIFY_PARAM *param)
 int X509_VERIFY_PARAM_set1_email(X509_VERIFY_PARAM *param, const char *email,
 size_t emaillen)
 {
- return int_x509_param_set1(¶m->id->email, ¶m->id->emaillen,
- email, emaillen);
+ if (OPENSSL_memchr(email, '\0', emaillen) != NULL ||
+ !int_x509_param_set1(¶m->id->email, ¶m->id->emaillen,
+ email, emaillen)) {
+ param->id->poison = 1;
+ return 0;
+ }
+
+ return 1;
 }
 int X509_VERIFY_PARAM_set1_ip(X509_VERIFY_PARAM *param, const unsigned char *ip,
 size_t iplen)
 {
- if (iplen != 0 && iplen != 4 && iplen != 16)
+ if ((iplen != 4 && iplen != 16) ||
+ !int_x509_param_set1((char **)¶m->id->ip, ¶m->id->iplen,
+ (char *)ip, iplen)) {
+ param->id->poison = 1;
 return 0;
- return int_x509_param_set1((char **)¶m->id->ip, ¶m->id->iplen,
- (char *)ip, iplen);
+ }
+
+ return 1;
 }
 int X509_VERIFY_PARAM_set1_ip_asc(X509_VERIFY_PARAM *param, const char *ipasc)
@@ -520,7 +534,7 @@ const char *X509_VERIFY_PARAM_get0_name(const X509_VERIFY_PARAM *param)
 }
 static const X509_VERIFY_PARAM_ID _empty_id =
- { NULL, 0U, NULL, NULL, 0, NULL, 0 };
+ { NULL, 0U, NULL, NULL, 0, NULL, 0, 0 };
 #define vpm_empty_id ((X509_VERIFY_PARAM_ID *)&_empty_id)
 |
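Review bot: X509_VERIFY_PARAM_set1_host and X509_VERIFY_PARAM_add1_host hand name straight to int_x509_param_set_hosts without the embedded-NUL check that X509_VERIFY_PARAM_set1_email gains in the following hunk, and int_x509_param_set_hosts copies with BUF_strndup, which (assuming it stops at the first NUL like its OpenSSL namesake) would silently shorten a name containing a NUL rather than reject it. Applying the same guard here keeps the two identity setters consistent: `if (name == NULL || OPENSSL_memchr(name, '\0', namelen) != NULL || !int_x509_param_set_hosts(param->id, SET_HOST, name, namelen)) {` in set1_host and the ADD_HOST twin in add1_host, with the NULL test placed before the memchr. The two wrappers are now identical apart from the mode; a small static helper taking the mode would remove the duplication and keep the poison handling in one place.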
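Review bot: In X509_VERIFY_PARAM_set1_email the new `OPENSSL_memchr(email, '\0', emaillen)` runs before int_x509_param_set1 gets to reject a NULL email, so a caller passing email == NULL with a non-zero emaillen hands a null pointer to memchr, which is undefined behaviour (and C requires a valid pointer argument even when the length is 0). Screen the degenerate inputs first so the NUL scan only ever sees a real buffer: `if (email == NULL || emaillen == 0 || OPENSSL_memchr(email, '\0', emaillen) != NULL || !int_x509_param_set1(&param->id->email, &param->id->emaillen, email, emaillen)) {`. X509_VERIFY_PARAM_set1_ip is fine on this point because the length test runs first and int_x509_param_set1 rejects a NULL ip before anything dereferences it, but it now refuses iplen == 0 where it previously cleared the stored address; that is a behaviour change callers may rely on and should be called out in the header comment for the function.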
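Review bot: `_empty_id` is still initialised positionally, so this line has to be edited every time a member is added to X509_VERIFY_PARAM_ID and a silent field mismatch is possible if a new member is not appended last. Since every member is zero, `static const X509_VERIFY_PARAM_ID _empty_id = {0};` expresses the same value without depending on member order; designated initializers would do the same if the project prefers to spell the members out.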