From 159c524df847edc5737f7740ed8c864d0f3ba9d2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?=
Date: Thu, 30 Apr 2015 11:15:22 +0200
Subject: [PATCH] Fix undefined behaviour in x509
---
 ChangeLog | 2 ++
 library/x509_crl.c | 3 ++-
 library/x509_crt.c | 3 ++-
 3 files changed, 6 insertions(+), 2 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index c4203930d..7e7374bd5 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -33,6 +33,8 @@ Features
 errors on use of deprecated functions.
 Bugfix
+ * Fix undefined behaviour (memcmp( NULL, NULL, 0 );) in X.509 modules
+ (detected by Clang's 3.6 UBSan).
 * mpi_size() and mpi_msb() would segfault when called on an mpi that is initialized but not set (found by pravic).
 * Fix detection of support for getrandom() on Linux (reported by syzzer) by
diff --git a/library/x509_crl.c b/library/x509_crl.c
index e2076a661..de2079fc7 100644
--- a/library/x509_crl.c
+++ b/library/x509_crl.c
@@ -462,7 +462,8 @@ int x509_crl_parse_der( x509_crl *chain,
 if( crl->sig_oid1.len != crl->sig_oid2.len ||
 memcmp( crl->sig_oid1.p, crl->sig_oid2.p, crl->sig_oid1.len ) != 0 ||
 sig_params1.len != sig_params2.len ||
- memcmp( sig_params1.p, sig_params2.p, sig_params1.len ) != 0 )
+ ( sig_params1.len != 0 &&
+ memcmp( sig_params1.p, sig_params2.p, sig_params1.len ) != 0 ) )
 {
 x509_crl_free( crl );
 return( POLARSSL_ERR_X509_SIG_MISMATCH );
diff --git a/library/x509_crt.c b/library/x509_crt.c
index 4e4d806a9..fe9e552d2 100644
--- a/library/x509_crt.c
+++ b/library/x509_crt.c
@@ -760,7 +760,8 @@ static int x509_crt_parse_der_core( x509_crt *crt, const unsigned char *buf,
 if( crt->sig_oid1.len != crt->sig_oid2.len ||
 memcmp( crt->sig_oid1.p, crt->sig_oid2.p, crt->sig_oid1.len ) != 0 ||
 sig_params1.len != sig_params2.len ||
- memcmp( sig_params1.p, sig_params2.p, sig_params1.len ) != 0 )
+ ( sig_params1.len != 0 &&
+ memcmp( sig_params1.p, sig_params2.p, sig_params1.len ) != 0 ) )
 {
 x509_crt_free( crt );
 return( POLARSSL_ERR_X509_SIG_MISMATCH );
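Review bot: The new `sig_params1.len != 0 &&` guard in the library/x509_crl.c hunk (x509_crl_parse_der) has no comment explaining why it exists, and the identical guard in the library/x509_crt.c hunk (x509_crt_parse_der_core) has the same gap. Next to the length comparison directly above it the condition reads as redundant, so a later cleanup could fold it away and bring back the `memcmp( NULL, NULL, 0 )` call that the ChangeLog entry describes. I would put `/* memcmp() with NULL pointers is undefined even when the length is 0 */` above the guard in both files. The `sig_oid1`/`sig_oid2` comparison two lines up is still an unguarded `memcmp`; whether those `.p` fields can be NULL when `.len` is 0 is not visible in either hunk and is worth confirming, since both functions appear to be the DER parsers for externally supplied CRLs and certificates. Both function bodies start and end outside their hunks.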