Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix undefined behaviour in X509_NAME_cmp() #6291

Closed
wants to merge 1 commit into from
Closed

Fix undefined behaviour in X509_NAME_cmp() #6291

wants to merge 1 commit into from

Conversation

mattcaswell
Copy link
Member

If the lengths of both names is 0 then don't attempt to do a memcmp.

Issue reported by Simon Friedberger, Robert Merget and Juraj Somorovsky.

@mattcaswell
Fix undefined behaviour in X509_NAME_cmp()
22fffed 
If the lengths of both names is 0 then don't attempt to do a memcmp.

Issue reported by Simon Friedberger, Robert Merget and Juraj Somorovsky.
@mattcaswell mattcaswell added branch: master Merge to master branch branch: 1.0.2 Merge to OpenSSL_1_0_2-stable branch 1.1.0 branch: 1.1.1 Merge to OpenSSL_1_1_1-stable branch labels May 18, 2018
@mattcaswell
Copy link
Member Author

Appveyor red cross appears unrelated.

dot-asm
dot-asm reviewed May 18, 2018
View reviewed changes
crypto/x509/x509_cmp.c
@@ -173,7 +173,7 @@ int X509_NAME_cmp(const X509_NAME *a, const X509_NAME *b)

ret = a->canon_enclen - b->canon_enclen;

if (ret)
if (ret != 0 || a->canon_enclen == 0)
Copy link
Contributor

@dot-asm dot-asm May 18, 2018
edited

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

While we are at it, wouldn't it be appropriate to harmonize even ![ab]->cannon_enc checks? Well, one can say that since it goes all the way down to 1.0.2, then it might be not as appropriate... Side note then?

On another side note, function shamelessly breaks const contract, so it would be only appropriate to omit const qualifier [in next release]. But if considered inappropriate, then one can wonder if this contradiction should be resolved already now.

BTW, there is related "philosophical" question. While modification preserves original behaviour, one can wonder if it would appropriate to consider empty strings to be non-equal. Unless a and b are same. I mean empty string in one object can be viewed as non-equal to another [empty string]. Rationale is that empty string would indicate an impossible value, and comparison of impossible values is meaningless. For example 1/x and 1/x^2 for x=0 are both impossible, but are they equal? The question is rhetorical.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Side note then?

I'll take it as a side note :-)

@dot-asm
Copy link
Contributor

dot-asm commented May 18, 2018

Appveyor red cross appears unrelated.

There should have been alert that was not observed. It's not big mystery on how to solve it. In sense that it's bigger mystery why failure is so seldom. It's second time I note it since big TLSProxy overhaul. Well, I might have missed another or couple...

@richsalz richsalz added the approval: done This pull request has the required number of approvals label May 18, 2018
levitte pushed a commit that referenced this pull request May 21, 2018
@mattcaswell
Fix undefined behaviour in X509_NAME_cmp()
bbe75a2 
If the lengths of both names is 0 then don't attempt to do a memcmp.

Issue reported by Simon Friedberger, Robert Merget and Juraj Somorovsky.

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from #6291)

(cherry picked from commit 511190b)
levitte pushed a commit that referenced this pull request May 21, 2018
@mattcaswell
Fix undefined behaviour in X509_NAME_cmp()
f2bb6b8 
If the lengths of both names is 0 then don't attempt to do a memcmp.

Issue reported by Simon Friedberger, Robert Merget and Juraj Somorovsky.

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from #6291)

(cherry picked from commit 511190b)
@mattcaswell
Copy link
Member Author

Pushed. Thanks.

levitte pushed a commit that referenced this pull request May 21, 2018
@mattcaswell
Fix undefined behaviour in X509_NAME_cmp()
511190b 
If the lengths of both names is 0 then don't attempt to do a memcmp.

Issue reported by Simon Friedberger, Robert Merget and Juraj Somorovsky.

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from #6291)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@dot-asm dot-asm dot-asm left review comments

@mspncp mspncp mspncp approved these changes

Assignees
No one assigned
Labels
approval: done This pull request has the required number of approvals branch: master Merge to master branch branch: 1.0.2 Merge to OpenSSL_1_0_2-stable branch branch: 1.1.1 Merge to OpenSSL_1_1_1-stable branch
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
4 participants
@mattcaswell @dot-asm @mspncp @richsalz