Fix undefined behaviour in x509

This commit is contained in:
Manuel Pégourié-Gonnard 2015-04-30 11:15:22 +02:00
parent 7b12492c77
commit 159c524df8
3 changed files with 6 additions and 2 deletions

View File

@ -33,6 +33,8 @@ Features
errors on use of deprecated functions.
Bugfix
* Fix undefined behaviour (memcmp( NULL, NULL, 0 );) in X.509 modules
(detected by Clang's 3.6 UBSan).
* mpi_size() and mpi_msb() would segfault when called on an mpi that is
initialized but not set (found by pravic).
* Fix detection of support for getrandom() on Linux (reported by syzzer) by

View File

@ -462,7 +462,8 @@ int x509_crl_parse_der( x509_crl *chain,
if( crl->sig_oid1.len != crl->sig_oid2.len ||
memcmp( crl->sig_oid1.p, crl->sig_oid2.p, crl->sig_oid1.len ) != 0 ||
sig_params1.len != sig_params2.len ||
memcmp( sig_params1.p, sig_params2.p, sig_params1.len ) != 0 )
( sig_params1.len != 0 &&
memcmp( sig_params1.p, sig_params2.p, sig_params1.len ) != 0 ) )
{
x509_crl_free( crl );
return( POLARSSL_ERR_X509_SIG_MISMATCH );

View File

@ -760,7 +760,8 @@ static int x509_crt_parse_der_core( x509_crt *crt, const unsigned char *buf,
if( crt->sig_oid1.len != crt->sig_oid2.len ||
memcmp( crt->sig_oid1.p, crt->sig_oid2.p, crt->sig_oid1.len ) != 0 ||
sig_params1.len != sig_params2.len ||
memcmp( sig_params1.p, sig_params2.p, sig_params1.len ) != 0 )
( sig_params1.len != 0 &&
memcmp( sig_params1.p, sig_params2.p, sig_params1.len ) != 0 ) )
{
x509_crt_free( crt );
return( POLARSSL_ERR_X509_SIG_MISMATCH );