x509v3

Jeff Rizzo Wed, 25 Jan 2012 12:18:52 -0800

Module Name:    src
Committed By:   riz
Date:           Wed Jan 25 20:18:49 UTC 2012


Modified Files:
        src/crypto/dist/openssl/crypto/x509v3 [netbsd-5-0]: pcy_map.c
            pcy_tree.c

Log Message:
Apply patch (requested by drochner in ticket #1711):
crypto/dist/openssl/crypto/x509v3/pcy_map.c     patch
crypto/dist/openssl/crypto/x509v3/pcy_tree.c    patch

        Address CVE-2011-4109.
        [drochner, ticket #1711]


To generate a diff of this commit:
cvs rdiff -u -r1.1.1.1 -r1.1.1.1.30.1 \
    src/crypto/dist/openssl/crypto/x509v3/pcy_map.c
cvs rdiff -u -r1.1.1.4 -r1.1.1.4.8.1 \
    src/crypto/dist/openssl/crypto/x509v3/pcy_tree.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/dist/openssl/crypto/x509v3/pcy_map.c
diff -u src/crypto/dist/openssl/crypto/x509v3/pcy_map.c:1.1.1.1 src/crypto/dist/openssl/crypto/x509v3/pcy_map.c:1.1.1.1.30.1
--- src/crypto/dist/openssl/crypto/x509v3/pcy_map.c:1.1.1.1	Fri Nov 25 03:07:35 2005
+++ src/crypto/dist/openssl/crypto/x509v3/pcy_map.c	Wed Jan 25 20:18:48 2012
@@ -70,8 +70,6 @@ static int ref_cmp(const X509_POLICY_REF
 
 static void policy_map_free(X509_POLICY_REF *map)
 	{
-	if (map->subjectDomainPolicy)
-		ASN1_OBJECT_free(map->subjectDomainPolicy);
 	OPENSSL_free(map);
 	}
 
@@ -95,6 +93,7 @@ int policy_cache_set_mapping(X509 *x, PO
 	{
 	POLICY_MAPPING *map;
 	X509_POLICY_REF *ref = NULL;
+	ASN1_OBJECT *subjectDomainPolicyRef;
 	X509_POLICY_DATA *data;
 	X509_POLICY_CACHE *cache = x->policy_cache;
 	int i;
@@ -153,13 +152,16 @@ int policy_cache_set_mapping(X509 *x, PO
 		if (!sk_ASN1_OBJECT_push(data->expected_policy_set, 
 						map->subjectDomainPolicy))
 			goto bad_mapping;
+		/* map->subjectDomainPolicy will be freed when
+		 * cache->data is freed. Set it to NULL to avoid double-free. */
+		subjectDomainPolicyRef = map->subjectDomainPolicy;
+		map->subjectDomainPolicy = NULL;
 		
 		ref = OPENSSL_malloc(sizeof(X509_POLICY_REF));
 		if (!ref)
 			goto bad_mapping;
 
-		ref->subjectDomainPolicy = map->subjectDomainPolicy;
-		map->subjectDomainPolicy = NULL;
+		ref->subjectDomainPolicy = subjectDomainPolicyRef;
 		ref->data = data;
 
 		if (!sk_X509_POLICY_REF_push(cache->maps, ref))

Index: src/crypto/dist/openssl/crypto/x509v3/pcy_tree.c
diff -u src/crypto/dist/openssl/crypto/x509v3/pcy_tree.c:1.1.1.4 src/crypto/dist/openssl/crypto/x509v3/pcy_tree.c:1.1.1.4.8.1
--- src/crypto/dist/openssl/crypto/x509v3/pcy_tree.c:1.1.1.4	Fri May  9 21:34:38 2008
+++ src/crypto/dist/openssl/crypto/x509v3/pcy_tree.c	Wed Jan 25 20:18:48 2012
@@ -611,6 +611,10 @@ int X509_policy_check(X509_POLICY_TREE *
 		return 1;
 
 		/* Some internal error */
+		case -1:
+		return -1;
+
+		/* Some internal error */
 		case 0:
 		return 0;

CVS commit: [netbsd-5-0] src/crypto/dist/openssl/crypto/x509v3

Reply via email to