File openssl-CVE-2009-0590.patch of Package compat-openssl097g.import4909
Index: openssl-0.9.7g/crypto/asn1/asn1.h
===================================================================
--- openssl-0.9.7g.orig/crypto/asn1/asn1.h
+++ openssl-0.9.7g/crypto/asn1/asn1.h
@@ -962,6 +962,7 @@ void ERR_load_ASN1_strings(void);
#define ASN1_F_ASN1_DUP 111
#define ASN1_F_ASN1_ENUMERATED_SET 112
#define ASN1_F_ASN1_ENUMERATED_TO_BN 113
+#define ASN1_F_ASN1_EX_C2I 204
#define ASN1_F_ASN1_GENERALIZEDTIME_SET 178
#define ASN1_F_ASN1_GET_OBJECT 114
#define ASN1_F_ASN1_HEADER_NEW 115
@@ -1036,6 +1037,7 @@ void ERR_load_ASN1_strings(void);
#define ASN1_R_BAD_OBJECT_HEADER 102
#define ASN1_R_BAD_PASSWORD_READ 103
#define ASN1_R_BAD_TAG 104
+#define ASN1_R_BMPSTRING_IS_WRONG_LENGTH 210
#define ASN1_R_BN_LIB 105
#define ASN1_R_BOOLEAN_IS_WRONG_LENGTH 106
#define ASN1_R_BUFFER_TOO_SMALL 107
@@ -1094,6 +1096,7 @@ void ERR_load_ASN1_strings(void);
#define ASN1_R_UNABLE_TO_DECODE_RSA_KEY 157
#define ASN1_R_UNABLE_TO_DECODE_RSA_PRIVATE_KEY 158
#define ASN1_R_UNEXPECTED_EOC 159
+#define ASN1_R_UNIVERSALSTRING_IS_WRONG_LENGTH 211
#define ASN1_R_UNKNOWN_FORMAT 160
#define ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM 161
#define ASN1_R_UNKNOWN_OBJECT_TYPE 162
Index: openssl-0.9.7g/crypto/asn1/asn1_err.c
===================================================================
--- openssl-0.9.7g.orig/crypto/asn1/asn1_err.c
+++ openssl-0.9.7g/crypto/asn1/asn1_err.c
@@ -82,6 +82,7 @@ static ERR_STRING_DATA ASN1_str_functs[]
{ERR_PACK(0,ASN1_F_ASN1_DUP,0), "ASN1_dup"},
{ERR_PACK(0,ASN1_F_ASN1_ENUMERATED_SET,0), "ASN1_ENUMERATED_set"},
{ERR_PACK(0,ASN1_F_ASN1_ENUMERATED_TO_BN,0), "ASN1_ENUMERATED_to_BN"},
+{ERR_PACK(0,ASN1_F_ASN1_EX_C2I,0), "ASN1_EX_C2I"},
{ERR_PACK(0,ASN1_F_ASN1_GENERALIZEDTIME_SET,0), "ASN1_GENERALIZEDTIME_set"},
{ERR_PACK(0,ASN1_F_ASN1_GET_OBJECT,0), "ASN1_get_object"},
{ERR_PACK(0,ASN1_F_ASN1_HEADER_NEW,0), "ASN1_HEADER_new"},
@@ -159,6 +160,7 @@ static ERR_STRING_DATA ASN1_str_reasons[
{ASN1_R_BAD_OBJECT_HEADER ,"bad object header"},
{ASN1_R_BAD_PASSWORD_READ ,"bad password read"},
{ASN1_R_BAD_TAG ,"bad tag"},
+{ASN1_R_BMPSTRING_IS_WRONG_LENGTH ,"bmpstring is wrong length"},
{ASN1_R_BN_LIB ,"bn lib"},
{ASN1_R_BOOLEAN_IS_WRONG_LENGTH ,"boolean is wrong length"},
{ASN1_R_BUFFER_TOO_SMALL ,"buffer too small"},
@@ -217,6 +219,7 @@ static ERR_STRING_DATA ASN1_str_reasons[
{ASN1_R_UNABLE_TO_DECODE_RSA_KEY ,"unable to decode rsa key"},
{ASN1_R_UNABLE_TO_DECODE_RSA_PRIVATE_KEY ,"unable to decode rsa private key"},
{ASN1_R_UNEXPECTED_EOC ,"unexpected eoc"},
+{ASN1_R_UNIVERSALSTRING_IS_WRONG_LENGTH ,"universalstring is wrong length"},
{ASN1_R_UNKNOWN_FORMAT ,"unknown format"},
{ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM ,"unknown message digest algorithm"},
{ASN1_R_UNKNOWN_OBJECT_TYPE ,"unknown object type"},
Index: openssl-0.9.7g/crypto/asn1/tasn_dec.c
===================================================================
--- openssl-0.9.7g.orig/crypto/asn1/tasn_dec.c
+++ openssl-0.9.7g/crypto/asn1/tasn_dec.c
@@ -766,6 +766,18 @@ int asn1_ex_c2i(ASN1_VALUE **pval, unsig
case V_ASN1_SET:
case V_ASN1_SEQUENCE:
default:
+ if (utype == V_ASN1_BMPSTRING && (len & 1))
+ {
+ ASN1err(ASN1_F_ASN1_EX_C2I,
+ ASN1_R_BMPSTRING_IS_WRONG_LENGTH);
+ goto err;
+ }
+ if (utype == V_ASN1_UNIVERSALSTRING && (len & 3))
+ {
+ ASN1err(ASN1_F_ASN1_EX_C2I,
+ ASN1_R_UNIVERSALSTRING_IS_WRONG_LENGTH);
+ goto err;
+ }
/* All based on ASN1_STRING and handled the same */
if(!*pval) {
stmp = ASN1_STRING_type_new(utype);
