Commit 39c76ceb authored by Viktor Dukhovni's avatar Viktor Dukhovni
Browse files

Better handling of verify param id peername field 



Initialize pointers in param id by the book (explicit NULL assignment,
rather than just memset 0).

In x509_verify_param_zero() set peername to NULL after freeing it.

In x509_vfy.c's internal check_hosts(), avoid potential leak of
possibly already non-NULL peername.  This is only set when a check
succeeds, so don't need to do this repeatedly in the loop.

Reviewed-by: default avatarRichard Levitte <levitte@openssl.org>

(cherry picked from commit a0724ef1)
parent 0a1682d8

crypto/x509/x509_vfy.c

+4 −0
Original line number Diff line number Diff line
@@ -753,6 +753,10 @@ static int check_hosts(X509 *x, X509_VERIFY_PARAM_ID *id) 
    int n = sk_OPENSSL_STRING_num(id->hosts);

    char *name;



    if (id->peername != NULL) {

        OPENSSL_free(id->peername);

        id->peername = NULL;

    }

    for (i = 0; i < n; ++i) {

        name = sk_OPENSSL_STRING_value(id->hosts, i);

        if (X509_check_host(x, name, 0, id->hostflags, &id->peername) > 0)

crypto/x509/x509_vpm.c

+11 −4
Original line number Diff line number Diff line
@@ -155,6 +155,7 @@ static void x509_verify_param_zero(X509_VERIFY_PARAM *param) 
    }

    if (paramid->peername)

        OPENSSL_free(paramid->peername);

    paramid->peername = NULL;

    if (paramid->email) {

        OPENSSL_free(paramid->email);

        paramid->email = NULL;
@@ -165,7 +166,6 @@ static void x509_verify_param_zero(X509_VERIFY_PARAM *param) 
        paramid->ip = NULL;

        paramid->iplen = 0;

    }



}



X509_VERIFY_PARAM *X509_VERIFY_PARAM_new(void)
@@ -176,13 +176,20 @@ X509_VERIFY_PARAM *X509_VERIFY_PARAM_new(void) 
    param = OPENSSL_malloc(sizeof *param);

    if (!param)

        return NULL;

    paramid = OPENSSL_malloc(sizeof *paramid);

    memset(param, 0, sizeof(*param));



    paramid = OPENSSL_malloc(sizeof(*paramid));

    if (!paramid) {

        OPENSSL_free(param);

        return NULL;

    }

    memset(param, 0, sizeof *param);

    memset(paramid, 0, sizeof *paramid);

    memset(paramid, 0, sizeof(*paramid));

    /* Exotic platforms may have non-zero bit representation of NULL */

    paramid->hosts = NULL;

    paramid->peername = NULL;

    paramid->email = NULL;

    paramid->ip = NULL;



    param->id = paramid;

    x509_verify_param_zero(param);

    return param;