
Commit 8f07881

mattcaswelltmshort
authored andcommitted
Fix a crash in X509v3_asid_subset()
If the asnum or rdi fields are NULL and the ASIdentifiers are otherwise subsets then this will result in a crash. Of note is that rdi will usually be NULL. Reported by Theo Buehler (@botovq) Reviewed-by: Tomas Mraz <[email protected]> Reviewed-by: Paul Yang <[email protected]> Reviewed-by: Todd Short <[email protected]> (Merged from openssl#18514) (cherry picked from commit 01fc9b6)
1 parent ab7d056 commit 8f07881


2 files changed

+100
-9
lines changed


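--- a/crypto/x509v3/v3_asid.c
+++ b/crypto/x509v3/v3_asid.c
@@ -700,15 +700,28 @@ static int asid_contains(ASIdOrRanges *parent, ASIdOrRanges *child)
 */
 int X509v3_asid_subset(ASIdentifiers *a, ASIdentifiers *b)
 {
-return (a == NULL ||
-a == b ||
-(b != NULL &&
-!X509v3_asid_inherits(a) &&
-!X509v3_asid_inherits(b) &&
-asid_contains(b->asnum->u.asIdsOrRanges,
-a->asnum->u.asIdsOrRanges) &&
-asid_contains(b->rdi->u.asIdsOrRanges,
-a->rdi->u.asIdsOrRanges)));
+int subset;
+
+if (a == NULL || a == b)
+return 1;
+
+if (b == NULL)
+return 0;
+
+if (X509v3_asid_inherits(a) || X509v3_asid_inherits(b))
+return 0;
+
+subset = a->asnum == NULL
+|| (b->asnum != NULL
+&& asid_contains(b->asnum->u.asIdsOrRanges,
+a->asnum->u.asIdsOrRanges));
+if (!subset)
+return 0;
+
+return a->rdi == NULL
+|| (b->rdi != NULL
+&& asid_contains(b->rdi->u.asIdsOrRanges,
+a->rdi->u.asIdsOrRanges));
 }
 
 /*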
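Review bot: The reads of `u.asIdsOrRanges` in the new asnum and rdi expressions depend on the earlier `X509v3_asid_inherits()` test having ruled out the inherit form of the choice, and nothing in the body says so. X509v3_asid_inherits() is defined outside this hunk, so that it covers both fields is presumed rather than visible here. A comment above `subset = a->asnum == NULL` would make the dependency explicit, e.g. `/* Neither side inherits, so any non-NULL asnum/rdi holds asIdsOrRanges. */`. The same comment could record the NULL semantics the new code settles on: an absent field in `a` is treated as a subset of anything, while a present field in `a` with an absent one in `b` is not a subset. The function's header comment starts above the hunk and is not visible.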

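--- a/test/v3ext.c
+++ b/test/v3ext.c
@@ -37,11 +37,89 @@ static int test_pathlen(void)
 return ret;
 }
 
+static int test_asid(void)
+{
+ASN1_INTEGER *val1 = NULL, *val2 = NULL;
+ASIdentifiers *asid1 = ASIdentifiers_new(), *asid2 = ASIdentifiers_new(),
+*asid3 = ASIdentifiers_new(), *asid4 = ASIdentifiers_new();
+int testresult = 0;
+
+if (!TEST_ptr(asid1)
+|| !TEST_ptr(asid2)
+|| !TEST_ptr(asid3))
+goto err;
+
+if (!TEST_ptr(val1 = ASN1_INTEGER_new())
+|| !TEST_true(ASN1_INTEGER_set_int64(val1, 64496)))
+goto err;
+
+if (!TEST_true(X509v3_asid_add_id_or_range(asid1, V3_ASID_ASNUM, val1, NULL)))
+goto err;
+
+val1 = NULL;
+if (!TEST_ptr(val2 = ASN1_INTEGER_new())
+|| !TEST_true(ASN1_INTEGER_set_int64(val2, 64497)))
+goto err;
+
+if (!TEST_true(X509v3_asid_add_id_or_range(asid2, V3_ASID_ASNUM, val2, NULL)))
+goto err;
+
+val2 = NULL;
+if (!TEST_ptr(val1 = ASN1_INTEGER_new())
+|| !TEST_true(ASN1_INTEGER_set_int64(val1, 64496))
+|| !TEST_ptr(val2 = ASN1_INTEGER_new())
+|| !TEST_true(ASN1_INTEGER_set_int64(val2, 64497)))
+goto err;
+
+/*
+* Just tests V3_ASID_ASNUM for now. Could be extended at some point to also
+* test V3_ASID_RDI if we think it is worth it.
+*/
+if (!TEST_true(X509v3_asid_add_id_or_range(asid3, V3_ASID_ASNUM, val1, val2)))
+goto err;
+val1 = val2 = NULL;
+
+/* Actual subsets */
+if (!TEST_true(X509v3_asid_subset(NULL, NULL))
+|| !TEST_true(X509v3_asid_subset(NULL, asid1))
+|| !TEST_true(X509v3_asid_subset(asid1, asid1))
+|| !TEST_true(X509v3_asid_subset(asid2, asid2))
+|| !TEST_true(X509v3_asid_subset(asid1, asid3))
+|| !TEST_true(X509v3_asid_subset(asid2, asid3))
+|| !TEST_true(X509v3_asid_subset(asid3, asid3))
+|| !TEST_true(X509v3_asid_subset(asid4, asid1))
+|| !TEST_true(X509v3_asid_subset(asid4, asid2))
+|| !TEST_true(X509v3_asid_subset(asid4, asid3)))
+goto err;
+
+/* Not subsets */
+if (!TEST_false(X509v3_asid_subset(asid1, NULL))
+|| !TEST_false(X509v3_asid_subset(asid1, asid2))
+|| !TEST_false(X509v3_asid_subset(asid2, asid1))
+|| !TEST_false(X509v3_asid_subset(asid3, asid1))
+|| !TEST_false(X509v3_asid_subset(asid3, asid2))
+|| !TEST_false(X509v3_asid_subset(asid1, asid4))
+|| !TEST_false(X509v3_asid_subset(asid2, asid4))
+|| !TEST_false(X509v3_asid_subset(asid3, asid4)))
+goto err;
+
+testresult = 1;
+err:
+ASN1_INTEGER_free(val1);
+ASN1_INTEGER_free(val2);
+ASIdentifiers_free(asid1);
+ASIdentifiers_free(asid2);
+ASIdentifiers_free(asid3);
+ASIdentifiers_free(asid4);
+return testresult;
+}
+
 int setup_tests(void)
 {
 if (!TEST_ptr(infile = test_get_argument(0)))
 return 0;
 
 ADD_TEST(test_pathlen);
+ADD_TEST(test_asid);
 return 1;
 }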
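Review bot: `asid4` is never checked after allocation in test_asid(); the first `TEST_ptr` group covers asid1, asid2 and asid3 only. If `ASIdentifiers_new()` failed for asid4, every asid4 assertion would still pass through the `a == NULL` and `b == NULL` early returns in X509v3_asid_subset(). The empty-ASIdentifiers case this commit fixes would then go unexercised without the test failing, so the group should end with `|| !TEST_ptr(asid4))`. The test also adds only V3_ASID_ASNUM entries, as its own comment says, so presumably `a->rdi` is always NULL here and the new `b->rdi != NULL` guard is never evaluated. An RDI case with `a->rdi` set and `b->rdi` absent would cover that guard.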
