Skip to content

Comments

CMS: resolve the libctx if passed NULL#13657

Closed
botovq wants to merge 1 commit intoopenssl:masterfrom
botovq:cms_resolve_libctx
Closed

CMS: resolve the libctx if passed NULL#13657
botovq wants to merge 1 commit intoopenssl:masterfrom
botovq:cms_resolve_libctx

Conversation

@botovq
Copy link
Contributor

@botovq botovq commented Dec 10, 2020

d2i_CMS_bio(), d2i_CMS_ContentInfo() and SMIME_read_CMS_ex() would
behave differently if passed a cms == NULL or if *cms == NULL although
the API is such that both calls are effectively equivalent. Drop an
incorrect NULL check and resolve the libcontexts in both cases.
This could lead to a NULL pointer dereference in CMS_SignerInfo_verify()
via CMS_verify().

Fixes: #13624
CLA: trivial

@botovq
CMS: resolve the libctx if passed NULL
e4516ce 
d2i_CMS_bio(), d2i_CMS_ContentInfo() and SMIME_read_CMS_ex() would
behave differently if passed a cms == NULL or if *cms == NULL although
the API is such that both calls are effectively equivalent. Drop an
incorrect NULL check and resolve the libcontexts in both cases.
This could lead to a NULL pointer dereference in CMS_SignerInfo_verify()
via CMS_verify().

fixes: openssl#13624
CLA: trivial
t8m
t8m approved these changes Dec 10, 2020
View reviewed changes
Copy link
Member

@t8m t8m left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM but I certainly would like to see @slontis opinion as he added the condition that is being removed here.

@t8m t8m added approval: review pending This pull request needs review by a committer branch: master Applies to master branch labels Dec 10, 2020
@t8m
Copy link
Member

t8m commented Dec 10, 2020

BTW, I agree with CLA: trivial.

@t8m t8m added the cla: trivial One of the commits is marked as 'CLA: trivial' label Dec 10, 2020
slontis
slontis reviewed Dec 10, 2020
View reviewed changes
Copy link
Member

@slontis slontis left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The point here is that if you want to use libctx and propq they need to be setup before this call..
i.e:
ret = CMS_ContentInfo_new_ex(libctx, propq);
and then pass this to the d2i.. otherwise the resolve does not really do much..

If we have a NULL access somewhere then that needs to be addressed instead of doing this.

@botovq
Copy link
Contributor Author

botovq commented Dec 11, 2020 via email
edited
Loading

@botovq
Copy link
Contributor Author

botovq commented Dec 11, 2020
edited
Loading

@slontis It may well be that this masks another bug.

From what you are saying, I still think these checks are incorrect. If you actually want to require that libctx and propq be set up before resolving, the checks should not be if (ci != NULL && cms != NULL), etc but rather if (ci != NULL && cms != NULL && *cms != NULL), etc.

All I'm saying is that the two cases cms == NULL and cms != NULL && *cms == NULL should be treated the same way in these three functions. Dropping the check as I suggest happens to make my test program work for both.

I'll happily rebase, but I would appreciate input on how to fix the missing libctx issue in the crash I'm hitting.

@slontis slontis mentioned this pull request Dec 11, 2020
Closed
2 tasks
@openssl-machine
Copy link
Collaborator

openssl-machine commented Jan 11, 2021

This PR is in a state where it requires action by @openssl/committers but the last update was 30 days ago

@botovq
Copy link
Contributor Author

botovq commented Jan 18, 2021
edited
Loading

I'm closing this as the two commits in PR #13668 (which has just been merged) contain these fixes next to a lot of other stuff.

@botovq botovq closed this Jan 18, 2021
@botovq botovq deleted the cms_resolve_libctx branch January 18, 2021 14:26
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@slontis slontis slontis left review comments

@t8m t8m t8m approved these changes

Assignees

No one assigned

Labels

approval: review pending This pull request needs review by a committer branch: master Applies to master branch cla: trivial One of the commits is marked as 'CLA: trivial'

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Crash in CMS_verify (OpenSSL 3.0.0-alpha9)

4 participants

@botovq @t8m @openssl-machine @slontis