yuzu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls.git synced 2025-03-06 22:39:45 +00:00
Code Issues Packages Projects Releases Wiki Activity

Fix memory leak with crafted X.509 certs

Browse source
This commit is contained in:
Manuel Pégourié-Gonnard 2014-11-11 23:11:16 +01:00
parent d3ae430241
commit fdec957e55
3 changed files with 9 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
ChangeLog
View file

@ -6,6 +6,9 @@ Security
* Fix remotely-triggerable uninitialised pointer dereference caused by
crafted X.509 certificate (TLS server is not affected if it doesn't ask
for a client certificate) (found using Codenomicon Defensics).
* Fix remotely-triggerable memory leak caused by crafted X.509 certificates
(TLS server is not affected if it doesn't ask for a client certificate)
(found using Codenomicon Defensics).
Changes
* Blind RSA private operations even when POLARSSL_RSA_NO_CRT is defined.

3
library/x509parse.c
View file

@ -866,6 +866,9 @@ static int x509_get_subject_alt_name( unsigned char **p,
/* Allocate and assign next pointer */
if (*p < end)
{
if( cur->next != NULL )
return( POLARSSL_ERR_X509_CERT_INVALID_EXTENSIONS );
cur->next = (asn1_sequence *) malloc(
sizeof( asn1_sequence ) );

3
tests/suites/test_suite_x509parse.data
View file

@ -560,6 +560,9 @@ x509parse_crt:"3081a230819fa0030201028204deadbeef300d06092a864886f70d01010205003
X509 Certificate ASN1 (ExtKeyUsage, bad second tag)
x509parse_crt:"308201ae308201aaa003020102020900a287596575d722e1300d06092a864886f70d0101050500300f310d300b0603550403130454657374301e170d3134313131373039323530345a170d3234313131343039323530345a300f310d300b060355040313045465737430820122300d06092a864886f70d01010105000382010f003082010a0282010100c14da3dde7cd1dd104d74972b899ac0e78e43a3c4acf3a1316d05ae4cda30088a7ee1e6b96a752b490ef2d727a3e249afcb634ac24f577e026648c9cb0287da1daea8ce6c91c96bcfec10452b336d4a3fae1b176d890c161b4665236a22653aaab745e077d1982db2ad81fa0d90d1c2d4966f75b257346e80b8a4f690cb50090e1da8210667dae542b8b657991a1e261c3cd404908ee680cf18b86d246bfd0b8aa11031e7f56a81a1e44180f0f858bda8b445ee218c6622fc7668dfa5dd87df327892901c5900e3f27f130c84a0eefd6dec7c7276bc7053d7ac4023c9a1d3e0fe834985bcb734b5296d811a22c808869395ad30fb0de592f11c7f7ea120130970203010001a321301f301d0603551d250416301406082b0601050507030107082b06010505070302":"":POLARSSL_ERR_X509_CERT_INVALID_EXTENSIONS + POLARSSL_ERR_ASN1_UNEXPECTED_TAG
X509 Certificate ASN1 (SubjectAltName repeated)
x509parse_crt:"308201cd308201c9a003020102020900a287596575d722e1300d06092a864886f70d0101050500300f310d300b0603550403130454657374301e170d3134313131373039323530345a170d3234313131343039323530345a300f310d300b060355040313045465737430820122300d06092a864886f70d01010105000382010f003082010a0282010100c14da3dde7cd1dd104d74972b899ac0e78e43a3c4acf3a1316d05ae4cda30088a7ee1e6b96a752b490ef2d727a3e249afcb634ac24f577e026648c9cb0287da1daea8ce6c91c96bcfec10452b336d4a3fae1b176d890c161b4665236a22653aaab745e077d1982db2ad81fa0d90d1c2d4966f75b257346e80b8a4f690cb50090e1da8210667dae542b8b657991a1e261c3cd404908ee680cf18b86d246bfd0b8aa11031e7f56a81a1e44180f0f858bda8b445ee218c6622fc7668dfa5dd87df327892901c5900e3f27f130c84a0eefd6dec7c7276bc7053d7ac4023c9a1d3e0fe834985bcb734b5296d811a22c808869395ad30fb0de592f11c7f7ea120130970203010001a321301f301d0603551d11041630148208666f6f2e7465737482086261722e74657374301d0603551d11041630148208666f6f2e7465737482086261722e74657374":"":POLARSSL_ERR_X509_CERT_INVALID_EXTENSIONS
X509 Certificate ASN1 (correct pubkey, no sig_alg)
x509parse_crt:"308183308180a0030201008204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff":"":POLARSSL_ERR_X509_CERT_INVALID_ALG + POLARSSL_ERR_ASN1_OUT_OF_DATA