diff options
Diffstat (limited to 'thirdparty/openssl/crypto/conf')
-rw-r--r-- | thirdparty/openssl/crypto/conf/conf_def.c | 16 | ||||
-rw-r--r-- | thirdparty/openssl/crypto/conf/conf_def.h | 44 | ||||
-rw-r--r-- | thirdparty/openssl/crypto/conf/conf_err.c | 2 | ||||
-rw-r--r-- | thirdparty/openssl/crypto/conf/conf_mod.c | 4 | ||||
-rw-r--r-- | thirdparty/openssl/crypto/conf/ssleay.cnf | 78 |
5 files changed, 42 insertions, 102 deletions
diff --git a/thirdparty/openssl/crypto/conf/conf_def.c b/thirdparty/openssl/crypto/conf/conf_def.c index 68c77cec7d..75e309aaca 100644 --- a/thirdparty/openssl/crypto/conf/conf_def.c +++ b/thirdparty/openssl/crypto/conf/conf_def.c @@ -69,6 +69,12 @@ #include <openssl/buffer.h> #include <openssl/err.h> +/* + * The maximum length we can grow a value to after variable expansion. 64k + * should be more than enough for all reasonable uses. + */ +#define MAX_CONF_VALUE_LENGTH 65536 + static char *eat_ws(CONF *conf, char *p); static char *eat_alpha_numeric(CONF *conf, char *p); static void clear_comments(CONF *conf, char *p); @@ -530,6 +536,8 @@ static int str_copy(CONF *conf, char *section, char **pto, char *from) } else if (IS_EOF(conf, *from)) break; else if (*from == '$') { + size_t newsize; + /* try to expand it */ rrp = NULL; s = &(from[1]); @@ -584,8 +592,12 @@ static int str_copy(CONF *conf, char *section, char **pto, char *from) CONFerr(CONF_F_STR_COPY, CONF_R_VARIABLE_HAS_NO_VALUE); goto err; } - if (!BUF_MEM_grow_clean(buf, - (strlen(p) + buf->length - (e - from)))) { + newsize = strlen(p) + buf->length - (e - from); + if (newsize > MAX_CONF_VALUE_LENGTH) { + CONFerr(CONF_F_STR_COPY, CONF_R_VARIABLE_EXPANSION_TOO_LONG); + goto err; + } + if (!BUF_MEM_grow_clean(buf, newsize)) { CONFerr(CONF_F_STR_COPY, ERR_R_MALLOC_FAILURE); goto err; } diff --git a/thirdparty/openssl/crypto/conf/conf_def.h b/thirdparty/openssl/crypto/conf/conf_def.h index 7d897b89f1..48b3442181 100644 --- a/thirdparty/openssl/crypto/conf/conf_def.h +++ b/thirdparty/openssl/crypto/conf/conf_def.h @@ -81,34 +81,34 @@ #define KEYTYPES(c) ((unsigned short *)((c)->meth_data)) #ifndef CHARSET_EBCDIC -# define IS_COMMENT(c,a) (KEYTYPES(c)[(a)&0xff]&CONF_COMMENT) -# define IS_FCOMMENT(c,a) (KEYTYPES(c)[(a)&0xff]&CONF_FCOMMENT) -# define IS_EOF(c,a) (KEYTYPES(c)[(a)&0xff]&CONF_EOF) -# define IS_ESC(c,a) (KEYTYPES(c)[(a)&0xff]&CONF_ESC) -# define IS_NUMBER(c,a) (KEYTYPES(c)[(a)&0xff]&CONF_NUMBER) -# define IS_WS(c,a) (KEYTYPES(c)[(a)&0xff]&CONF_WS) -# define IS_ALPHA_NUMERIC(c,a) (KEYTYPES(c)[(a)&0xff]&CONF_ALPHA_NUMERIC) +# define IS_COMMENT(c,a) (KEYTYPES(c)[(a)&0xff]&CONF_COMMENT) +# define IS_FCOMMENT(c,a) (KEYTYPES(c)[(a)&0xff]&CONF_FCOMMENT) +# define IS_EOF(c,a) (KEYTYPES(c)[(a)&0xff]&CONF_EOF) +# define IS_ESC(c,a) (KEYTYPES(c)[(a)&0xff]&CONF_ESC) +# define IS_NUMBER(c,a) (KEYTYPES(c)[(a)&0xff]&CONF_NUMBER) +# define IS_WS(c,a) (KEYTYPES(c)[(a)&0xff]&CONF_WS) +# define IS_ALPHA_NUMERIC(c,a) (KEYTYPES(c)[(a)&0xff]&CONF_ALPHA_NUMERIC) # define IS_ALPHA_NUMERIC_PUNCT(c,a) \ (KEYTYPES(c)[(a)&0xff]&CONF_ALPHA_NUMERIC_PUNCT) -# define IS_QUOTE(c,a) (KEYTYPES(c)[(a)&0xff]&CONF_QUOTE) -# define IS_DQUOTE(c,a) (KEYTYPES(c)[(a)&0xff]&CONF_DQUOTE) -# define IS_HIGHBIT(c,a) (KEYTYPES(c)[(a)&0xff]&CONF_HIGHBIT) +# define IS_QUOTE(c,a) (KEYTYPES(c)[(a)&0xff]&CONF_QUOTE) +# define IS_DQUOTE(c,a) (KEYTYPES(c)[(a)&0xff]&CONF_DQUOTE) +# define IS_HIGHBIT(c,a) (KEYTYPES(c)[(a)&0xff]&CONF_HIGHBIT) -#else /* CHARSET_EBCDIC */ +#else /*CHARSET_EBCDIC*/ -# define IS_COMMENT(c,a) (KEYTYPES(c)[os_toascii[a]&0xff]&CONF_COMMENT) -# define IS_FCOMMENT(c,a) (KEYTYPES(c)[os_toascii[a]&0xff]&CONF_FCOMMENT) -# define IS_EOF(c,a) (KEYTYPES(c)[os_toascii[a]&0xff]&CONF_EOF) -# define IS_ESC(c,a) (KEYTYPES(c)[os_toascii[a]&0xff]&CONF_ESC) -# define IS_NUMBER(c,a) (KEYTYPES(c)[os_toascii[a]&0xff]&CONF_NUMBER) -# define IS_WS(c,a) (KEYTYPES(c)[os_toascii[a]&0xff]&CONF_WS) -# define IS_ALPHA_NUMERIC(c,a) (KEYTYPES(c)[os_toascii[a]&0xff]&CONF_ALPHA_NUMERIC) +# define IS_COMMENT(c,a) (KEYTYPES(c)[os_toascii[a]&0xff]&CONF_COMMENT) +# define IS_FCOMMENT(c,a) (KEYTYPES(c)[os_toascii[a]&0xff]&CONF_FCOMMENT) +# define IS_EOF(c,a) (KEYTYPES(c)[os_toascii[a]&0xff]&CONF_EOF) +# define IS_ESC(c,a) (KEYTYPES(c)[os_toascii[a]&0xff]&CONF_ESC) +# define IS_NUMBER(c,a) (KEYTYPES(c)[os_toascii[a]&0xff]&CONF_NUMBER) +# define IS_WS(c,a) (KEYTYPES(c)[os_toascii[a]&0xff]&CONF_WS) +# define IS_ALPHA_NUMERIC(c,a) (KEYTYPES(c)[os_toascii[a]&0xff]&CONF_ALPHA_NUMERIC) # define IS_ALPHA_NUMERIC_PUNCT(c,a) \ (KEYTYPES(c)[os_toascii[a]&0xff]&CONF_ALPHA_NUMERIC_PUNCT) -# define IS_QUOTE(c,a) (KEYTYPES(c)[os_toascii[a]&0xff]&CONF_QUOTE) -# define IS_DQUOTE(c,a) (KEYTYPES(c)[os_toascii[a]&0xff]&CONF_DQUOTE) -# define IS_HIGHBIT(c,a) (KEYTYPES(c)[os_toascii[a]&0xff]&CONF_HIGHBIT) -#endif /* CHARSET_EBCDIC */ +# define IS_QUOTE(c,a) (KEYTYPES(c)[os_toascii[a]&0xff]&CONF_QUOTE) +# define IS_DQUOTE(c,a) (KEYTYPES(c)[os_toascii[a]&0xff]&CONF_DQUOTE) +# define IS_HIGHBIT(c,a) (KEYTYPES(c)[os_toascii[a]&0xff]&CONF_HIGHBIT) +#endif /*CHARSET_EBCDIC*/ static unsigned short CONF_type_default[256] = { 0x0008, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, diff --git a/thirdparty/openssl/crypto/conf/conf_err.c b/thirdparty/openssl/crypto/conf/conf_err.c index bb5e2fe252..b0b6896f83 100644 --- a/thirdparty/openssl/crypto/conf/conf_err.c +++ b/thirdparty/openssl/crypto/conf/conf_err.c @@ -115,6 +115,8 @@ static ERR_STRING_DATA CONF_str_reasons[] = { {ERR_REASON(CONF_R_UNABLE_TO_CREATE_NEW_SECTION), "unable to create new section"}, {ERR_REASON(CONF_R_UNKNOWN_MODULE_NAME), "unknown module name"}, + {ERR_REASON(CONF_R_VARIABLE_EXPANSION_TOO_LONG), + "variable expansion too long"}, {ERR_REASON(CONF_R_VARIABLE_HAS_NO_VALUE), "variable has no value"}, {0, NULL} }; diff --git a/thirdparty/openssl/crypto/conf/conf_mod.c b/thirdparty/openssl/crypto/conf/conf_mod.c index 9acfca4f71..e0c9a67ff6 100644 --- a/thirdparty/openssl/crypto/conf/conf_mod.c +++ b/thirdparty/openssl/crypto/conf/conf_mod.c @@ -288,6 +288,10 @@ static CONF_MODULE *module_add(DSO *dso, const char *name, tmod->dso = dso; tmod->name = BUF_strdup(name); + if (tmod->name == NULL) { + OPENSSL_free(tmod); + return NULL; + } tmod->init = ifunc; tmod->finish = ffunc; tmod->links = 0; diff --git a/thirdparty/openssl/crypto/conf/ssleay.cnf b/thirdparty/openssl/crypto/conf/ssleay.cnf deleted file mode 100644 index ed33af601e..0000000000 --- a/thirdparty/openssl/crypto/conf/ssleay.cnf +++ /dev/null @@ -1,78 +0,0 @@ -# -# This is a test configuration file for use in SSLeay etc... -# - -init = 5 -in\#it1 =10 -init2='10' -init3='10\'' -init4="10'" -init5='='10\'' again' - -SSLeay::version = 0.5.0 - -[genrsa] -default_bits = 512 -SSLEAY::version = 0.5.0 - -[gendh] -default_bits = 512 -def_generator = 2 - -[s_client] -cipher1 = DES_CBC_MD5:DES_CBC_SHA:DES_EDE_SHA:RC4_MD5\ -cipher2 = 'DES_CBC_MD5 DES_CBC_SHA DES_EDE_SHA RC4_MD5' -cipher3 = "DES_CBC_MD5 DES_CBC_SHA DES_EDE_SHA RC4_MD5" -cipher4 = DES_CBC_MD5 DES_CBC_SHA DES_EDE_SHA RC4_MD5 - -[ default ] -cert_dir = $ENV::HOME/.ca_certs - -HOME = /tmp/eay - -tmp_cert_dir = $HOME/.ca_certs -tmp2_cert_dir = thisis$(HOME)stuff - -LOGNAME = Eric Young (home=$HOME) - -[ special ] - -H=$HOME -H=$default::HOME -H=$ENV::HOME -# -# SSLeay example configuration file. -# This is mostly being used for generation of certificate requests. -# - -RANDFILE = $HOME/.rand - -[ req ] -default_bits = 512 -default_keyfile = privkey.pem - -Attribute_type_1 = countryName -Attribute_text_1 = Country Name (2 letter code) -Attribute_default_1 = AU - -Attribute_type_2 = stateOrProvinceName -Attribute_text_2 = State or Province Name (full name) -Attribute_default_2 = Queensland - -Attribute_type_3 = localityName -Attribute_text_3 = Locality Name (eg, city) - -Attribute_type_4 = organizationName -Attribute_text_4 = Organization Name (eg, company) -Attribute_default_4 = Mincom Pty Ltd - -Attribute_type_5 = organizationalUnitName -Attribute_text_5 = Organizational Unit Name (eg, section) -Attribute_default_5 = TR - -Attribute_type_6 = commonName -Attribute_text_6 = Common Name (eg, YOUR name) - -Attribute_type_7 = emailAddress -Attribute_text_7 = Email Address - |