Fix NULL pointer deref when parsing the stable section
Parsing the stable section of a config such as this:

openssl_conf = openssl_init
[openssl_init]
stbl_section = mstbl
[mstbl]
id-tc26 = min

can lead to a SIGSEGV, as the parsing code doesn't recognize min as a proper section name without a trailing colon to associate it with a value. As a result the stack of configuration values has an entry with a null value in it, which leads to the SIGSEGV in do_tcreate when we attempt to pass NULL to strtoul.

Fix it by skipping any entry in the config name/value list that has a null value, prior to passing it to strtoul.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from #22988)
(cherry picked from commit 0981c20)
Showing
5 changed files
with
131 additions
and
2 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,81 @@ | ||
/* | ||
* Copyright 2023 The OpenSSL Project Authors. All Rights Reserved. | ||
* | ||
* Licensed under the Apache License 2.0 (the "License"). You may not use | ||
* this file except in compliance with the License. You can obtain a copy | ||
* in the file LICENSE in the source distribution or at | ||
* https://www.openssl.org/source/license.html | ||
*/ | ||
|
||
#include <openssl/evp.h> | ||
#include "testutil.h" | ||
|
||
static char *config_file = NULL; | ||
|
||
typedef enum OPTION_choice { | ||
OPT_ERR = -1, | ||
OPT_EOF = 0, | ||
OPT_CONFIG_FILE, | ||
OPT_TEST_ENUM | ||
} OPTION_CHOICE; | ||
|
||
const OPTIONS *test_get_options(void) | ||
{ | ||
static const OPTIONS options[] = { | ||
OPT_TEST_OPTIONS_DEFAULT_USAGE, | ||
{ "config", OPT_CONFIG_FILE, '<', | ||
"The configuration file to use for the libctx" }, | ||
{ NULL } | ||
}; | ||
return options; | ||
} | ||
|
||
|
||
/* | ||
* Test that parsing a config file with incorrect stable settings aren't parsed | ||
* and appropriate errors are raised | ||
*/ | ||
static int test_asn1_stable_parse(void) | ||
{ | ||
int testret = 0; | ||
unsigned long errcode; | ||
OSSL_LIB_CTX *newctx = OSSL_LIB_CTX_new(); | ||
|
||
if (!TEST_ptr(newctx)) | ||
goto out; | ||
|
||
if (!TEST_int_eq(OSSL_LIB_CTX_load_config(newctx, config_file), 0)) | ||
goto err; | ||
|
||
errcode = ERR_peek_error(); | ||
if (ERR_GET_LIB(errcode) != ERR_LIB_ASN1) | ||
goto err; | ||
if (ERR_GET_REASON(errcode) != ASN1_R_INVALID_STRING_TABLE_VALUE) | ||
goto err; | ||
|
||
ERR_clear_error(); | ||
|
||
testret = 1; | ||
err: | ||
OSSL_LIB_CTX_free(newctx); | ||
out: | ||
return testret; | ||
} | ||
|
||
int setup_tests(void) | ||
{ | ||
OPTION_CHOICE o; | ||
|
||
while ((o = opt_next()) != OPT_EOF) { | ||
switch (o) { | ||
case OPT_CONFIG_FILE: | ||
config_file = opt_arg(); | ||
break; | ||
default: | ||
return 0; | ||
} | ||
} | ||
|
||
ADD_TEST(test_asn1_stable_parse); | ||
return 1; | ||
} |
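Review bot: The two error-code checks in test_asn1_stable_parse use bare comparisons (`if (ERR_GET_LIB(errcode) != ERR_LIB_ASN1) goto err;`), so a mismatch fails the test without logging which library or reason code was actually raised. Because this is the regression test for a crash in config parsing, writing them as `if (!TEST_int_eq(ERR_GET_LIB(errcode), ERR_LIB_ASN1))` and `if (!TEST_int_eq(ERR_GET_REASON(errcode), ASN1_R_INVALID_STRING_TABLE_VALUE))` would make a changed failure mode visible in the test output. setup_tests also never checks that `-config` was supplied, so `config_file` can still be NULL when it reaches OSSL_LIB_CTX_load_config; adding `if (!TEST_ptr(config_file)) return 0;` before ADD_TEST would make that requirement explicit.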
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,24 @@ | ||
#! /usr/bin/env perl | ||
# Copyright 2023 The OpenSSL Project Authors. All Rights Reserved. | ||
# | ||
# Licensed under the Apache License 2.0 (the "License"). You may not use | ||
# this file except in compliance with the License. You can obtain a copy | ||
# in the file LICENSE in the source distribution or at | ||
# https://www.openssl.org/source/license.html | ||
|
||
|
||
use OpenSSL::Test::Simple; | ||
use OpenSSL::Test qw/:DEFAULT srctop_file srctop_dir bldtop_dir bldtop_file data_dir/; | ||
use OpenSSL::Test::Utils; | ||
use Cwd qw(abs_path); | ||
|
||
BEGIN { | ||
setup("test_asn1_stable_parse"); | ||
} | ||
my $config_path = srctop_file("test", "recipes", "04-test_asn1_stable_parse_data", "asn1_stable_parse.cnf"); | ||
|
||
plan tests => 1; | ||
|
||
ok(run(test(["asn1_stable_parse_test", "-config", $config_path])), | ||
"Confirm that malformed entries in stable section are not parsed"); | ||
|
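Review bot: Most of the imports in this recipe are unused: the script calls only `srctop_file` plus the default exports, yet it also loads `OpenSSL::Test::Simple`, `OpenSSL::Test::Utils`, `Cwd qw(abs_path)` and the `srctop_dir bldtop_dir bldtop_file data_dir` names. Trimming the header to `use OpenSSL::Test qw/:DEFAULT srctop_file/;` would show what the recipe really depends on. A short comment above the `ok(...)` call, such as `# the test program passes when loading the config fails with an ASN.1 error`, would also help, since the description string alone does not say that a failed load is the expected outcome.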
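--- a/test/recipes/04-test_asn1_stable_parse_data/asn1_stable_parse.cnf
+++ b/test/recipes/04-test_asn1_stable_parse_data/asn1_stable_parse.cnf
@@ -0,0 +1,16 @@
+openssl_conf = openssl_init
+config_diagnostics = 1
+
+[openssl_init]
+s = mstbl
+
+[mstbl]
+id-tc26 = min
+id-tc27 = ::::::
+id-tc28 = ,,,,,,
+id-tc29 = :,:,:,
+id-tc30 = n1:min
+id-tc31 = n2:max
+id-tc32 = n3:
+id-tc33 = :0
+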
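Review bot: Only the first malformed entry in `[mstbl]` is likely to be exercised, because the test program asserts a single failed load and inspects one queued error. If the string-table module stops at the first bad value (its code is not in this section), `id-tc27` through `id-tc33` are never parsed and add no coverage. Splitting the entries into separate config files, or running the load once per entry, would let each malformed form be checked on its own. The section key is also written `s = mstbl` while the commit description uses `stbl_section = mstbl`; if this relies on abbreviated module-name matching, spelling out `stbl_section` would keep the test from depending on that behaviour.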