subversion-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bre...@apache.org
Subject svn commit: r1635357 - /subversion/branches/svn-auth-x509/subversion/libsvn_subr/x509parse.c
Date Thu, 30 Oct 2014 00:41:58 GMT
Author: breser
Date: Thu Oct 30 00:41:58 2014
New Revision: 1635357

URL: http://svn.apache.org/r1635357
Log:
On 'svn-auth-x509' branch: Don't dereference pointers that might be outside the
length of the buffer.

* subversion/libsvn_subr/x509parse.c
  (x509_get_name, x509_get_date, x509_get_sig, x509_get_uid): Don't retrieve
    the tag from the pointer before checking the length, which asn1_get_tag()
    does for us.  It also compares the tag to the one we ask for, so where
    we want to store the tag, store it explicilty rather than from the tag.

Found by: philip

Modified:
    subversion/branches/svn-auth-x509/subversion/libsvn_subr/x509parse.c

Modified: subversion/branches/svn-auth-x509/subversion/libsvn_subr/x509parse.c
URL: http://svn.apache.org/viewvc/subversion/branches/svn-auth-x509/subversion/libsvn_subr/x509parse.c?rev=1635357&r1=1635356&r2=1635357&view=diff
==============================================================================
--- subversion/branches/svn-auth-x509/subversion/libsvn_subr/x509parse.c (original)
+++ subversion/branches/svn-auth-x509/subversion/libsvn_subr/x509parse.c Thu Oct 30 00:41:58
2014
@@ -314,12 +314,12 @@ x509_get_name(const unsigned char **p, c
     }
 
   oid = &cur->oid;
-  oid->tag = **p;
 
   err = asn1_get_tag(p, end, &oid->len, ASN1_OID);
   if (err)
     return svn_error_create(SVN_ERR_X509_CERT_INVALID_NAME, err, NULL);
 
+  oid->tag = ASN1_OID;
   oid->p = *p;
   *p += oid->len;
 
@@ -384,13 +384,16 @@ x509_get_date(apr_time_t *when,
   apr_time_exp_t xt = { 0 };
   char tz;
 
-  tag = **p;
   err = asn1_get_tag(p, end, &len, ASN1_UTC_TIME);
   if (err && err->apr_err == SVN_ERR_ASN1_UNEXPECTED_TAG)
     {
       svn_error_clear(err);
-      tag = **p;
       err = asn1_get_tag(p, end, &len, ASN1_GENERALIZED_TIME);
+      tag = ASN1_GENERALIZED_TIME;
+    }
+  else
+    {
+      tag = ASN1_UTC_TIME;
     }
   if (err)
     return svn_error_create(SVN_ERR_X509_CERT_INVALID_DATE, err, NULL);
@@ -493,12 +496,12 @@ x509_get_sig(const unsigned char **p, co
   svn_error_t *err;
   ptrdiff_t len;
 
-  sig->tag = **p;
-
   err = asn1_get_tag(p, end, &len, ASN1_BIT_STRING);
   if (err)
     return svn_error_create(SVN_ERR_X509_CERT_INVALID_SIGNATURE, err, NULL);
 
+  sig->tag = ASN1_BIT_STRING;
+
   if (--len < 1 || *(*p)++ != 0)
     return svn_error_create(SVN_ERR_X509_CERT_INVALID_SIGNATURE, NULL, NULL);
 
@@ -522,8 +525,6 @@ x509_get_uid(const unsigned char **p,
   if (*p == end)
     return SVN_NO_ERROR;
 
-  uid->tag = **p;
-
   err = asn1_get_tag(p, end, &uid->len,
                      ASN1_CONTEXT_SPECIFIC | ASN1_CONSTRUCTED | n);
   if (err)
@@ -537,6 +538,7 @@ x509_get_uid(const unsigned char **p,
       return svn_error_trace(err);
     }
 
+  uid->tag = ASN1_CONTEXT_SPECIFIC | ASN1_CONSTRUCTED | n;
   uid->p = *p;
   *p += uid->len;
 



Mime
View raw message