aboutsummaryrefslogtreecommitdiff
path: root/openssl/crypto/x509v3
diff options
context:
space:
mode:
authormarha <marha@users.sourceforge.net>2011-04-13 07:49:50 +0000
committermarha <marha@users.sourceforge.net>2011-04-13 07:49:50 +0000
commit7bcdd32ccff794b9a83a88ff9bc2d0b7b088bd06 (patch)
treed5d217cd4d21932fa490076d0dea9a259a9a8a31 /openssl/crypto/x509v3
parent125aba11ec484309e4dc5b2abf1b15ac98784159 (diff)
downloadvcxsrv-7bcdd32ccff794b9a83a88ff9bc2d0b7b088bd06.tar.gz
vcxsrv-7bcdd32ccff794b9a83a88ff9bc2d0b7b088bd06.tar.bz2
vcxsrv-7bcdd32ccff794b9a83a88ff9bc2d0b7b088bd06.zip
Updated to openssl-1.0.0d
Diffstat (limited to 'openssl/crypto/x509v3')
-rw-r--r--openssl/crypto/x509v3/v3_addr.c6
-rw-r--r--openssl/crypto/x509v3/v3_asid.c31
2 files changed, 21 insertions, 16 deletions
diff --git a/openssl/crypto/x509v3/v3_addr.c b/openssl/crypto/x509v3/v3_addr.c
index 9087d66e0..0d70e8696 100644
--- a/openssl/crypto/x509v3/v3_addr.c
+++ b/openssl/crypto/x509v3/v3_addr.c
@@ -177,12 +177,18 @@ static int i2r_address(BIO *out,
unsigned char addr[ADDR_RAW_BUF_LEN];
int i, n;
+ if (bs->length < 0)
+ return 0;
switch (afi) {
case IANA_AFI_IPV4:
+ if (bs->length > 4)
+ return 0;
addr_expand(addr, bs, 4, fill);
BIO_printf(out, "%d.%d.%d.%d", addr[0], addr[1], addr[2], addr[3]);
break;
case IANA_AFI_IPV6:
+ if (bs->length > 16)
+ return 0;
addr_expand(addr, bs, 16, fill);
for (n = 16; n > 1 && addr[n-1] == 0x00 && addr[n-2] == 0x00; n -= 2)
;
diff --git a/openssl/crypto/x509v3/v3_asid.c b/openssl/crypto/x509v3/v3_asid.c
index 56702f86b..3f434c060 100644
--- a/openssl/crypto/x509v3/v3_asid.c
+++ b/openssl/crypto/x509v3/v3_asid.c
@@ -61,7 +61,6 @@
#include <stdio.h>
#include <string.h>
-#include <assert.h>
#include "cryptlib.h"
#include <openssl/conf.h>
#include <openssl/asn1.h>
@@ -172,11 +171,11 @@ static int ASIdOrRange_cmp(const ASIdOrRange * const *a_,
{
const ASIdOrRange *a = *a_, *b = *b_;
- assert((a->type == ASIdOrRange_id && a->u.id != NULL) ||
+ OPENSSL_assert((a->type == ASIdOrRange_id && a->u.id != NULL) ||
(a->type == ASIdOrRange_range && a->u.range != NULL &&
a->u.range->min != NULL && a->u.range->max != NULL));
- assert((b->type == ASIdOrRange_id && b->u.id != NULL) ||
+ OPENSSL_assert((b->type == ASIdOrRange_id && b->u.id != NULL) ||
(b->type == ASIdOrRange_range && b->u.range != NULL &&
b->u.range->min != NULL && b->u.range->max != NULL));
@@ -215,7 +214,7 @@ int v3_asid_add_inherit(ASIdentifiers *asid, int which)
if (*choice == NULL) {
if ((*choice = ASIdentifierChoice_new()) == NULL)
return 0;
- assert((*choice)->u.inherit == NULL);
+ OPENSSL_assert((*choice)->u.inherit == NULL);
if (((*choice)->u.inherit = ASN1_NULL_new()) == NULL)
return 0;
(*choice)->type = ASIdentifierChoice_inherit;
@@ -250,7 +249,7 @@ int v3_asid_add_id_or_range(ASIdentifiers *asid,
if (*choice == NULL) {
if ((*choice = ASIdentifierChoice_new()) == NULL)
return 0;
- assert((*choice)->u.asIdsOrRanges == NULL);
+ OPENSSL_assert((*choice)->u.asIdsOrRanges == NULL);
(*choice)->u.asIdsOrRanges = sk_ASIdOrRange_new(ASIdOrRange_cmp);
if ((*choice)->u.asIdsOrRanges == NULL)
return 0;
@@ -286,7 +285,7 @@ static void extract_min_max(ASIdOrRange *aor,
ASN1_INTEGER **min,
ASN1_INTEGER **max)
{
- assert(aor != NULL && min != NULL && max != NULL);
+ OPENSSL_assert(aor != NULL && min != NULL && max != NULL);
switch (aor->type) {
case ASIdOrRange_id:
*min = aor->u.id;
@@ -373,7 +372,7 @@ static int ASIdentifierChoice_is_canonical(ASIdentifierChoice *choice)
int v3_asid_is_canonical(ASIdentifiers *asid)
{
return (asid == NULL ||
- (ASIdentifierChoice_is_canonical(asid->asnum) ||
+ (ASIdentifierChoice_is_canonical(asid->asnum) &&
ASIdentifierChoice_is_canonical(asid->rdi)));
}
@@ -395,7 +394,7 @@ static int ASIdentifierChoice_canonize(ASIdentifierChoice *choice)
/*
* We have a list. Sort it.
*/
- assert(choice->type == ASIdentifierChoice_asIdsOrRanges);
+ OPENSSL_assert(choice->type == ASIdentifierChoice_asIdsOrRanges);
sk_ASIdOrRange_sort(choice->u.asIdsOrRanges);
/*
@@ -413,7 +412,7 @@ static int ASIdentifierChoice_canonize(ASIdentifierChoice *choice)
/*
* Make sure we're properly sorted (paranoia).
*/
- assert(ASN1_INTEGER_cmp(a_min, b_min) <= 0);
+ OPENSSL_assert(ASN1_INTEGER_cmp(a_min, b_min) <= 0);
/*
* Check for overlaps.
@@ -472,7 +471,7 @@ static int ASIdentifierChoice_canonize(ASIdentifierChoice *choice)
}
}
- assert(ASIdentifierChoice_is_canonical(choice)); /* Paranoia */
+ OPENSSL_assert(ASIdentifierChoice_is_canonical(choice)); /* Paranoia */
ret = 1;
@@ -709,9 +708,9 @@ static int v3_asid_validate_path_internal(X509_STORE_CTX *ctx,
int i, ret = 1, inherit_as = 0, inherit_rdi = 0;
X509 *x;
- assert(chain != NULL && sk_X509_num(chain) > 0);
- assert(ctx != NULL || ext != NULL);
- assert(ctx == NULL || ctx->verify_cb != NULL);
+ OPENSSL_assert(chain != NULL && sk_X509_num(chain) > 0);
+ OPENSSL_assert(ctx != NULL || ext != NULL);
+ OPENSSL_assert(ctx == NULL || ctx->verify_cb != NULL);
/*
* Figure out where to start. If we don't have an extension to
@@ -724,7 +723,7 @@ static int v3_asid_validate_path_internal(X509_STORE_CTX *ctx,
} else {
i = 0;
x = sk_X509_value(chain, i);
- assert(x != NULL);
+ OPENSSL_assert(x != NULL);
if ((ext = x->rfc3779_asid) == NULL)
goto done;
}
@@ -757,7 +756,7 @@ static int v3_asid_validate_path_internal(X509_STORE_CTX *ctx,
*/
for (i++; i < sk_X509_num(chain); i++) {
x = sk_X509_value(chain, i);
- assert(x != NULL);
+ OPENSSL_assert(x != NULL);
if (x->rfc3779_asid == NULL) {
if (child_as != NULL || child_rdi != NULL)
validation_err(X509_V_ERR_UNNESTED_RESOURCE);
@@ -800,7 +799,7 @@ static int v3_asid_validate_path_internal(X509_STORE_CTX *ctx,
/*
* Trust anchor can't inherit.
*/
- assert(x != NULL);
+ OPENSSL_assert(x != NULL);
if (x->rfc3779_asid != NULL) {
if (x->rfc3779_asid->asnum != NULL &&
x->rfc3779_asid->asnum->type == ASIdentifierChoice_inherit)