Author: markt Date: Tue Nov 14 14:05:40 2017 New Revision: 1815218 URL: http://svn.apache.org/viewvc?rev=1815218&view=rev Log: Further clean-up in the parsing of the OCSP extension.
Modified: tomcat/native/trunk/native/src/sslutils.c tomcat/native/trunk/xdocs/miscellaneous/changelog.xml
Modified: tomcat/native/trunk/native/src/sslutils.c
URL: http://svn.apache.org/viewvc/tomcat/native/trunk/native/src/sslutils.c?rev=1815218&r1=1815217&r2=1815218&view=diff
==============================================================================
--- tomcat/native/trunk/native/src/sslutils.c (original)
+++ tomcat/native/trunk/native/src/sslutils.c Tue Nov 14 14:05:40 2017
@@ -550,7 +550,7 @@ static void *apr_xrealloc(void *buf, siz
 }
 /* Parses an ASN.1 length.
- * On entry, ans1 points to the current tag.
+ * On entry, asn1 points to the current tag.
 * Updates the pointer to the ASN.1 structure to point to the start of the data.
 * Returns 0 on success, 1 on failure.
 */
@@ -569,9 +569,18 @@ static int parse_asn1_length(unsigned ch
 i = **asn1 & 0x7F;
 if (i == 0) {
- // Should be at least 1 byte
+ /* This is the indefinite form of length. Since certificates use DER
+ * this should never happen and is therefore an error.
+ */
 return 1;
 }
+ if (i > 3) {
+ /* Three bytes for length gives a maximum of 16MB which should be
+ * far more than is required. (2 bytes is 64K which is probably more
+ * than enough but play safe.)
+ */
+ return 1;
+ }
 // Most significant byte is first
 l = 0;
@@ -634,7 +643,7 @@ static int parse_ASN1_OID(unsigned char
 err = parse_asn1_length(&asn1, &len);
- if (!err && memcmp(asn1, OCSP_OID, len) == 0) {
+ if (!err && len == 8 && memcmp(asn1, OCSP_OID, 8) == 0) {
 asn1+=len;
 err = parse_ocsp_url(asn1, ocsp_urls, nocsp_urls, p);
 }
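Review bot: The new `if (i > 3)` guard in parse_asn1_length caps how many length octets are accepted, but nothing visible in the hunk checks that those `i` octets, or the length they decode to, lie inside the extension data being parsed. The signature is truncated in the hunk header and the body continues past `l = 0;`, so the bound may be enforced elsewhere; if it is not, the decoded length comes straight from the certificate and can point past the end of the buffer. Passing the end of the data into the function and returning 1 when the decoded `l` exceeds the bytes remaining would close that. The surviving `// Most significant byte is first` comment could also become `/* ... */` to match the comments this hunk adds.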
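Review bot: The literal `8` now appears twice in the parse_ASN1_OID condition and has to stay equal to the size of `OCSP_OID`, whose definition is outside the hunk. If `OCSP_OID` is an array in scope here, `len == sizeof(OCSP_OID) && memcmp(asn1, OCSP_OID, sizeof(OCSP_OID)) == 0` ties the compare length to the array, so a later edit of the OID bytes cannot reintroduce a read past it. The comparison still assumes `len` bytes are present at `asn1`, which cannot be confirmed from this hunk.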
@@ -663,7 +672,7 @@ static int parse_ASN1_Sequence(unsigned
 break;
 case ASN1_OID:
 err = parse_ASN1_OID(asn1,ocsp_urls,nocsp_urls, p);
- return 0;
+ return err;
 break;
 default:
 err = 1; /* we shouldn't have any errors */
Modified: tomcat/native/trunk/xdocs/miscellaneous/changelog.xml
URL: http://svn.apache.org/viewvc/tomcat/native/trunk/xdocs/miscellaneous/changelog.xml?rev=1815218&r1=1815217&r2=1815218&view=diff
==============================================================================
--- tomcat/native/trunk/xdocs/miscellaneous/changelog.xml (original)
+++ tomcat/native/trunk/xdocs/miscellaneous/changelog.xml Tue Nov 14 14:05:40 2017
@@ -34,6 +34,13 @@
 This is the Changelog for Tomcat Native 1.2.
 </p>
 </section>
+<section name="Changes in 1.2.16">
+ <changelog>
+ <fix>
+ Further clean-up in the parsing of the OCSP extension. (markt)
+ </fix>
+ </changelog>
+</section>
 <section name="Changes in 1.2.15">
 <changelog>
 <update>
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
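Review bot: The `break;` left after `return err;` in the `ASN1_OID` case of parse_ASN1_Sequence is unreachable. Either drop it, or remove the `return err;` so the case ends in `break;` the way the `default:` branch does after setting `err = 1`; which is right depends on what the code after the switch does with `err`, and that is outside the hunk. A short comment such as `/* propagate OCSP URL parse failures to the caller */` would record why this case returns early while the others fall out of the switch.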