+2016-08-22 Werner Koch <wk@gnupg.org>
+
+ Release 1.3.5.
+ * configure.ac: Set LT version to C19/A/11/R6.
+
+ Use size_t for the result of fread.
+ * src/reader.c (ksba_reader_read): Make 'n' and size_t.
+
+ Limit allocation in the BER decoder to 16 MiB.
+ * src/ber-decoder.c (MAX_IMAGE_LENGTH): New.
+ (decoder_next): Limit allcoation to MAX_IMAGE_LENGTH.
+ (_ksba_ber_decoder_dump, _ksba_ber_decoder_decode): Ditto.
+
+2016-07-17 Tomáš Trnka <tomastrnka@gmx.com>
+
+ Encode OCSP nonce value as an octet string (RFC 6960)
+ * src/ocsp.c (ksba_ocsp_set_nonce): Stop removing the sign bit.
+ (write_request_extensions): Encode nonce as octet string.
+ (parse_response_extensions): Decode nonce as octet string.
+
+2016-07-13 Werner Koch <wk@gnupg.org>
+
+ build: Update config.{guess,sub} to {2016-05-15,2016-06-20}.
+ * build-aux/config.guess: Update.
+ * build-aux/config.sub: Update.
+
+2016-06-27 Werner Koch <wk@gnupg.org>
+
+ tests: Fix a memory leak.
+ * tests/t-oid.c (test_oid_to_str): Free STR.
+
+ Use modern error macros and fix a missing assignment.
+ * src/ocsp.c: Remove errno.h. Replace gpg_error_from_errno(errno) by
+ gpg_error_from_syserror ().
+ (parse_response): Ditto. Return direct becuase static analyzer may
+ not grasp that gpg_error_from_syserror will never return false.
+ (ksba_ocsp_get_responder_id): Actually return an error for NO_DATA.
+
+ Detect invalid RDN names and avoid a read from uninitialized variable.
+ * src/dn.c (parse_rdn): Bail out for an invalid name.
+
+2016-05-25 Werner Koch <wk@gnupg.org>
+ Pascal Cuoq <cuoq@trust-in-soft.com>
+
+ Fix OOB read in parse_distribution_point.
+ * src/cert.c (parse_distribution_point): Check TI.length.
+
+2016-05-11 Werner Koch <wk@gnupg.org>
+
+ Make sure that ASN.1 data is stored in an all-initialized buffer.
+ * src/ber-decoder.c (decoder_next): Clear the image buffer.
+
2016-05-03 Werner Koch <wk@gnupg.org>
Release 1.3.4.
-Noteworthy changes in version 1.3.4 (2016-05-03) [C19/A11/R4]
+Noteworthy changes in version 1.3.5 (2016-08-22) [C19/A11/R6]
+------------------------------------------------
+
+ * Limit the allowed size of complex ASN.1 objects (e.g. certificates)
+ to 16MiB.
+
+ * Avoid read access to unitialized memory.
+
+ * Improve detection of invalid RDNs.
+
+ * Encode the OCSP nonce value as an octet string as described by
+ RFC-6960.
+
+
+Noteworthy changes in version 1.3.4 (2016-05-03) [C19/A11/R5]
------------------------------------------------
* Fixed two OOB read access bugs which could be used to force a DoS.
# Attempt to guess a canonical system name.
# Copyright 1992-2016 Free Software Foundation, Inc.
-timestamp='2016-04-02'
+timestamp='2016-05-15'
# This file is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by
*) machine=${UNAME_MACHINE_ARCH}-unknown ;;
esac
# The Operating System including object format, if it has switched
- # to ELF recently, or will in the future.
+ # to ELF recently (or will in the future) and ABI.
case "${UNAME_MACHINE_ARCH}" in
- arm*|earm*|i386|m68k|ns32k|sh3*|sparc|vax)
+ earm*)
+ os=netbsdelf
+ ;;
+ arm*|i386|m68k|ns32k|sh3*|sparc|vax)
eval $set_cc_for_build
if echo __ELF__ | $CC_FOR_BUILD -E - 2>/dev/null \
| grep -q __ELF__
cat >&2 <<EOF
$0: unable to guess system type
-This script, last modified $timestamp, has failed to recognize
-the operating system you are using. It is advised that you
-download the most up to date version of the config scripts from
+This script (version $timestamp), has failed to recognize the
+operating system you are using. If your script is old, overwrite
+config.guess and config.sub with the latest versions from:
http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.guess
and
http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.sub
-If the version you run ($0) is already up to date, please
-send the following data and any information you think might be
-pertinent to <config-patches@gnu.org> in order to provide the needed
-information to handle your system.
+If $0 has already been updated, send the following data and any
+information you think might be pertinent to config-patches@gnu.org to
+provide the necessary information to handle your system.
config.guess timestamp = $timestamp
# Configuration validation subroutine script.
# Copyright 1992-2016 Free Software Foundation, Inc.
-timestamp='2016-03-30'
+timestamp='2016-06-20'
# This file is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by
basic_machine=m68k-bull
os=-sysv3
;;
+ e500v[12])
+ basic_machine=powerpc-unknown
+ os=$os"spe"
+ ;;
+ e500v[12]-*)
+ basic_machine=powerpc-`echo $basic_machine | sed 's/^[^-]*-//'`
+ os=$os"spe"
+ ;;
ebmon29k)
basic_machine=a29k-amd
os=-ebmon
| -udi* | -eabi* | -lites* | -ieee* | -go32* | -aux* \
| -chorusos* | -chorusrdb* | -cegcc* \
| -cygwin* | -msys* | -pe* | -psos* | -moss* | -proelf* | -rtems* \
- | -mingw32* | -mingw64* | -linux-gnu* | -linux-android* \
+ | -midipix* | -mingw32* | -mingw64* | -linux-gnu* | -linux-android* \
| -linux-newlib* | -linux-musl* | -linux-uclibc* \
| -uxpv* | -beos* | -mpeix* | -udk* | -moxiebox* \
| -interix* | -uwin* | -mks* | -rhapsody* | -darwin* | -opened* \
| -morphos* | -superux* | -rtmk* | -rtmk-nova* | -windiss* \
| -powermax* | -dnix* | -nx6 | -nx7 | -sei* | -dragonfly* \
| -skyos* | -haiku* | -rdos* | -toppers* | -drops* | -es* \
- | -onefs* | -tirtos*)
+ | -onefs* | -tirtos* | -phoenix*)
# Remember, each alternative MUST END IN *, to match a version number.
;;
-qnx*)
#! /bin/sh
# Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.69 for libksba 1.3.4.
+# Generated by GNU Autoconf 2.69 for libksba 1.3.5.
#
# Report bugs to <http://bugs.gnupg.org>.
#
# Identity of this package.
PACKAGE_NAME='libksba'
PACKAGE_TARNAME='libksba'
-PACKAGE_VERSION='1.3.4'
-PACKAGE_STRING='libksba 1.3.4'
+PACKAGE_VERSION='1.3.5'
+PACKAGE_STRING='libksba 1.3.5'
PACKAGE_BUGREPORT='http://bugs.gnupg.org'
PACKAGE_URL=''
# Omit some internal or obsolete options to make the list less imposing.
# This message is too long to be a string in the A/UX 3.1 sh.
cat <<_ACEOF
-\`configure' configures libksba 1.3.4 to adapt to many kinds of systems.
+\`configure' configures libksba 1.3.5 to adapt to many kinds of systems.
Usage: $0 [OPTION]... [VAR=VALUE]...
if test -n "$ac_init_help"; then
case $ac_init_help in
- short | recursive ) echo "Configuration of libksba 1.3.4:";;
+ short | recursive ) echo "Configuration of libksba 1.3.5:";;
esac
cat <<\_ACEOF
test -n "$ac_init_help" && exit $ac_status
if $ac_init_version; then
cat <<\_ACEOF
-libksba configure 1.3.4
+libksba configure 1.3.5
generated by GNU Autoconf 2.69
Copyright (C) 2012 Free Software Foundation, Inc.
This file contains any messages produced by compilers while
running configure, to aid debugging if configure makes a mistake.
-It was created by libksba $as_me 1.3.4, which was
+It was created by libksba $as_me 1.3.5, which was
generated by GNU Autoconf 2.69. Invocation command line was
$ $0 $@
# Please remember to document interface changes in the NEWS file.
LIBKSBA_LT_CURRENT=19
LIBKSBA_LT_AGE=11
-LIBKSBA_LT_REVISION=5
+LIBKSBA_LT_REVISION=6
#-------------------
# If the API is changed in an incompatible way: increment the next counter.
KSBA_CONFIG_API_VERSION=1
# Define the identity of the package.
PACKAGE='libksba'
- VERSION='1.3.4'
+ VERSION='1.3.5'
cat >>confdefs.h <<_ACEOF
# Generate extended version information for W32.
if test "$have_w32_system" = yes; then
BUILD_FILEVERSION=`echo "$VERSION" | sed 's/\([0-9.]*\).*/\1./;s/\./,/g'`
- BUILD_FILEVERSION="${BUILD_FILEVERSION}14994"
+ BUILD_FILEVERSION="${BUILD_FILEVERSION}9676"
fi
-BUILD_REVISION="3a92e8c"
+BUILD_REVISION="25cc42c"
cat >>confdefs.h <<_ACEOF
# report actual input values of CONFIG_FILES etc. instead of their
# values after options handling.
ac_log="
-This file was extended by libksba $as_me 1.3.4, which was
+This file was extended by libksba $as_me 1.3.5, which was
generated by GNU Autoconf 2.69. Invocation command line was
CONFIG_FILES = $CONFIG_FILES
cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
ac_cs_version="\\
-libksba config.status 1.3.4
+libksba config.status 1.3.5
configured by $0, generated by GNU Autoconf 2.69,
with options \\"\$ac_cs_config\\"
echo "
Libksba v${VERSION} has been configured as follows:
- Revision: 3a92e8c (14994)
+ Revision: 25cc42c (9676)
Platform: $host
"
m4_define([mym4_package],[libksba])
m4_define([mym4_major], [1])
m4_define([mym4_minor], [3])
-m4_define([mym4_micro], [4])
+m4_define([mym4_micro], [5])
# Below is m4 magic to extract and compute the git revision number,
# the decimalized short revision number, a beta version string and a
# Please remember to document interface changes in the NEWS file.
LIBKSBA_LT_CURRENT=19
LIBKSBA_LT_AGE=11
-LIBKSBA_LT_REVISION=5
+LIBKSBA_LT_REVISION=6
#-------------------
# If the API is changed in an incompatible way: increment the next counter.
KSBA_CONFIG_API_VERSION=1
This file documents the KSBA library to access X.509 and CMS data
structures.
- This is edition 1.3.4, last updated 15 March 2013, of 'The KSBA
-Reference Manual', for Version 1.3.4.
+ This is edition 1.3.5, last updated 15 March 2013, of 'The KSBA
+Reference Manual', for Version 1.3.5.
Copyright (C) 2002, 2003, 2004 g10 Code GmbH
Main Menu
*********
-This is edition 1.3.4, last updated 15 March 2013, of 'The KSBA
-Reference Manual', for Version 1.3.4 of the KSBA library.
+This is edition 1.3.5, last updated 15 March 2013, of 'The KSBA
+Reference Manual', for Version 1.3.5 of the KSBA library.
Copyright (C) 2002, 2003, 2004 g10 Code GmbH
@set UPDATED 15 March 2013
@set UPDATED-MONTH March 2013
-@set EDITION 1.3.4
-@set VERSION 1.3.4
+@set EDITION 1.3.5
+@set VERSION 1.3.5
@set UPDATED 15 March 2013
@set UPDATED-MONTH March 2013
-@set EDITION 1.3.4
-@set VERSION 1.3.4
+@set EDITION 1.3.5
+@set VERSION 1.3.5
#include "ber-help.h"
+/* The maximum length we allow for an image, that is for a BER encoded
+ * object. */
+#define MAX_IMAGE_LENGTH (16 * 1024 * 1024)
+
+
struct decoder_state_item_s {
AsnNode node;
int went_up;
if (!d->image.buf)
{
/* We need some extra bytes to store the stuff we read ahead
- at the end of the module which is later pushed back. */
+ * at the end of the module which is later pushed back. We
+ * also clear the buffer because there is no guarantee that
+ * we will copy data to all bytes of the buffer: A broken
+ * ASN.1 encoding may thus lead to access of uninitialized
+ * data even if we make sure that that access is not our of
+ * bounds. */
d->image.used = 0;
d->image.length = ti.length + 100;
if (d->image.length < ti.length)
return gpg_error (GPG_ERR_BAD_BER);
- d->image.buf = xtrymalloc (d->image.length);
+ if (d->image.length > MAX_IMAGE_LENGTH)
+ return gpg_error (GPG_ERR_TOO_LARGE);
+ d->image.buf = xtrycalloc (1, d->image.length);
if (!d->image.buf)
return gpg_error (GPG_ERR_ENOMEM);
}
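Review bot: `d->image.length` is overwritten with `ti.length + 100` before either the wrap-around check or the new `MAX_IMAGE_LENGTH` check runs, so both error returns leave the decoder holding a rejected length while `d->image.buf` is still NULL. Whether any later path reads `image.length` without first testing `image.buf` is not visible here, but the hazard goes away if the size is computed into a local of the same type, both checks run on that local, and `d->image.length = len;` is stored only after `xtrycalloc` has succeeded. The new comment also contains two slips: "that that access is not our of bounds" should read "that the access is not out of bounds". The enclosing function starts and ends outside this hunk.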
if (!buf || buflen < d->val.length)
{
xfree (buf);
+ buf = NULL;
buflen = d->val.length + 100;
if (buflen < d->val.length)
err = gpg_error (GPG_ERR_BAD_BER); /* Overflow */
+ else if (buflen > MAX_IMAGE_LENGTH)
+ err = gpg_error (GPG_ERR_TOO_LARGE);
else
{
buf = xtrymalloc (buflen);
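Review bot: The value buffer on the last line of this hunk is still allocated with `xtrymalloc`, while the same commit switches the image buffer in decoder_next to `xtrycalloc` because a broken encoding may leave bytes unwritten. If the read that fills `buf` (outside this hunk) can ever deliver fewer than `d->val.length` bytes without failing, the same reasoning applies here, and `buf = xtrycalloc (1, buflen);` would make the allocations consistent at little cost under the new 16 MiB cap. The identical grow-and-limit sequence in the later hunk, presumably _ksba_ber_decoder_decode, ends on the same line and would need the same treatment. If the fill is guaranteed to be complete, a one-line comment saying so would document why clearing is unnecessary.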
p = ksba_oid_to_str (buf, n);
break;
default:
- for (i=0; i < n && i < 20; i++)
+ for (i=0; i < n && (d->debug || i < 20); i++)
fprintf (fp,"%02x", buf[i]);
if (i < n)
fputs ("..more..", fp);
if (!buf || buflen < d->val.length)
{
xfree (buf);
+ buf = NULL;
buflen = d->val.length + 100;
if (buflen < d->val.length)
err = gpg_error (GPG_ERR_BAD_BER);
+ else if (buflen > MAX_IMAGE_LENGTH)
+ err = gpg_error (GPG_ERR_TOO_LARGE);
else
{
buf = xtrymalloc (buflen);
unsigned int bits, mask;
int i, unused, full;
+ if (!ti.length || ti.length > derlen)
+ return gpg_error (GPG_ERR_ENCODING_PROBLEM);
unused = *der++; derlen--;
ti.length--;
if ((!ti.length && unused) || unused/8 > ti.length)
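Review bot: The unused-bits count is still validated only through `unused/8 > ti.length`, so values above 7 pass even though the new guard now makes the read of that octet safe. X.690 restricts the initial octet of a BIT STRING to the range 0..7; rejecting anything else right after the read, `if (unused > 7) return gpg_error (GPG_ERR_ENCODING_PROBLEM);`, would mean the later `bits`/`mask`/`full` arithmetic (outside this hunk) only ever sees a valid count. If accepting larger counts is deliberate leniency towards sloppy encoders, a comment stating that would help the next reader. The enclosing block continues past the hunk.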
oid = oid_name_tbl[i].oid;
oidlen = oid_name_tbl[i].oidlen;
}
+ else
+ return gpg_error (GPG_ERR_INV_NAME);
+
s++;
while (*s == ' ')
s++;
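Review bot: The added `else` branch carries no comment explaining why an unrecognised attribute label has to be rejected at this exact point. From the lines above it, `oid` and `oidlen` appear to be assigned only when the table lookup matches, so without the early return the following code would use them unset; a short comment such as `/* Unknown label: OID and OIDLEN were never set. */` would record that. parse_rdn starts and ends outside the hunk, so whether anything acquired earlier needs releasing before this return cannot be checked from here.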
#include <stdlib.h>
#include <string.h>
#include <assert.h>
-#include <errno.h>
#include "util.h"
else if (ti.length > *len)
err = gpg_error (GPG_ERR_BAD_BER);
else if (!(*oid = ksba_oid_to_str (*buf, ti.length)))
- err = gpg_error_from_errno (errno);
+ err = gpg_error_from_syserror ();
else
{
*buf += ti.length;
{
*r_ocsp = xtrycalloc (1, sizeof **r_ocsp);
if (!*r_ocsp)
- return gpg_error_from_errno (errno);
+ return gpg_error_from_syserror ();
return 0;
}
xfree (ocsp->digest_oid);
ocsp->digest_oid = xtrystrdup (oid);
if (!ocsp->digest_oid)
- return gpg_error_from_errno (errno);
+ return gpg_error_from_syserror ();
return 0;
}
ri = xtrycalloc (1, sizeof *ri);
if (!ri)
- return gpg_error_from_errno (errno);
+ return gpg_error_from_syserror ();
ksba_cert_ref (cert);
ri->cert = cert;
ksba_cert_ref (issuer_cert);
if (noncelen)
{
memcpy (ocsp->nonce, nonce, noncelen);
- /* Reset the high bit. We do this to make sure that we have a
- positive integer and thus we don't need to prepend a leading
- zero which would be needed then. */
- ocsp->nonce[0] &= 0x7f;
}
ocsp->noncelen = noncelen;
return noncelen;
err = _ksba_ber_write_tl (w1, TYPE_OCTET_STRING, CLASS_UNIVERSAL, 0,
2+ocsp->noncelen);
if (!err)
- err = _ksba_ber_write_tl (w1, TYPE_INTEGER, CLASS_UNIVERSAL, 0,
+ err = _ksba_ber_write_tl (w1, TYPE_OCTET_STRING, CLASS_UNIVERSAL, 0,
ocsp->noncelen);
if (!err)
err = ksba_writer_write (w1, ocsp->nonce, ocsp->noncelen);
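Review bot: The outer length `2+ocsp->noncelen` hard-codes a two-byte header for the inner OCTET STRING, which is only correct while `ocsp->noncelen` fits the short length form (below 128). The size of `ocsp->nonce` is not visible in this hunk, so this probably always holds today, but nothing at this site states or enforces it. A comment on that line, `/* 2 = tag + short-form length octet; requires noncelen < 128 */`, or an explicit check before the first `_ksba_ber_write_tl` call, would keep the two lengths from drifting apart if the nonce buffer is ever enlarged.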
xfree (ri->serialno);
ri->serialno = xtrymalloc (derlen);
if (!ri->serialno)
- err = gpg_error_from_errno (errno);
- if (err)
- goto leave;
+ {
+ err = gpg_error_from_syserror ();
+ goto leave;
+ }
memcpy (ri->serialno, der, derlen);
ri->serialnolen = derlen;
goto leave;
if (!strcmp (oid, oidstr_ocsp_nonce))
{
- err = parse_integer (&data, &datalen, &ti);
+ err = parse_octet_string (&data, &datalen, &ti);
if (err)
goto leave;
if (ocsp->noncelen != ti.length
ex = xtrymalloc (sizeof *ex + strlen (oid) + ti.length);
if (!ex)
{
- err = gpg_error_from_errno (errno);
+ err = gpg_error_from_syserror ();
goto leave;
}
ex->crit = is_crit;
ex = xtrymalloc (sizeof *ex + strlen (oid) + ti.length);
if (!ex)
{
- err = gpg_error_from_errno (errno);
+ err = gpg_error_from_syserror ();
goto leave;
}
ex->crit = is_crit;
return gpg_error (GPG_ERR_INV_OBJ); /* Zero length key id. */
ocsp->responder_id.keyid = xtrymalloc (ti.length);
if (!ocsp->responder_id.keyid)
- return gpg_error_from_errno (errno);
+ return gpg_error_from_syserror ();
memcpy (ocsp->responder_id.keyid, *data, ti.length);
ocsp->responder_id.keyidlen = ti.length;
parse_skip (data, datalen, &ti);
parse_skip (&msg, &msglen, &ti);
cl = xtrycalloc (1, sizeof *cl);
if (!cl)
- err = gpg_error_from_errno (errno);
- if (err)
{
+ err = gpg_error_from_syserror ();
ksba_cert_release (cert);
- return gpg_error (GPG_ERR_ENOMEM);
+ return err;
}
+
cl->cert = cert;
*cl_tail = cl;
{
*r_name = xtrystrdup (ocsp->responder_id.name);
if (!*r_name)
- return gpg_error_from_errno (errno);
+ return gpg_error_from_syserror ();
}
else if (ocsp->responder_id.keyid && r_keyid)
{
numbuflen = strlen (numbuf);
*r_keyid = xtrymalloc (numbuflen + ocsp->responder_id.keyidlen + 2);
if (!*r_keyid)
- return gpg_error_from_errno (errno);
+ return gpg_error_from_syserror ();
strcpy (*r_keyid, numbuf);
memcpy (*r_keyid+numbuflen,
ocsp->responder_id.keyid, ocsp->responder_id.keyidlen);
(*r_keyid)[numbuflen + ocsp->responder_id.keyidlen + 1] = 0;
}
else
- gpg_error (GPG_ERR_NO_DATA);
+ return gpg_error (GPG_ERR_NO_DATA);
return 0;
}
}
else if (r->type == READER_TYPE_FILE)
{
- int n;
+ size_t n;
if (r->eof)
return gpg_error (GPG_ERR_EOF);
}
n = fread (buffer, 1, length, r->u.file);
- if (n > 0)
+ if (n)
{
r->nread += n;
*nread = n;
if (n < length)
{
if (ferror(r->u.file))
- r->error = errno;
+ r->error = errno;
r->eof = 1;
- if (n <= 0)
+ if (!n)
return gpg_error (GPG_ERR_EOF);
}
}
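Review bot: In the `n < length` branch a stream error and a genuine end of file take the same exit: `r->error` is set from `errno`, but `r->eof` is set regardless and a zero-byte read returns `GPG_ERR_EOF`. A caller that does not query the stored error afterwards will treat input that failed mid-read as cleanly ended, which is worth avoiding in a parser fed certificates and CMS objects. If that contract is intended, a comment at `if (!n)` should say that callers must check the reader's error state after an EOF; otherwise returning an error derived from `r->error` when `ferror` is true would make the failure visible. The enclosing branch begins outside this hunk.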
fprintf (stderr, " want=%s\n", tests[tidx].str);
exit (1);
}
+ ksba_free (str);
}
}