Merge pull request #1036 from berkerpeksag/fix-bio-read

Check return value of BIO_read() in set_pubkey_info()
2025-01-03 14:56:47 -05:00 · 2019-04-24 13:51:06 +02:00 · 2019-04-24 13:51:06 +02:00 · 2db6e99038
commit 2db6e99038
parent 796b60dd45 530393140a
1 changed files with 23 additions and 5 deletions
--- a/src/core/network-openssl.c
+++ b/src/core/network-openssl.c
@ -601,18 +601,19 @@ static void set_cipher_info(TLS_REC *tls, SSL *ssl)
 	tls_rec_set_cipher_size(tls, SSL_get_cipher_bits(ssl, NULL));
 }

-static void set_pubkey_info(TLS_REC *tls, X509 *cert, unsigned char *cert_fingerprint, size_t cert_fingerprint_size, unsigned char *public_key_fingerprint, size_t public_key_fingerprint_size)
+static gboolean set_pubkey_info(TLS_REC *tls, X509 *cert, unsigned char *cert_fingerprint, size_t cert_fingerprint_size, unsigned char *public_key_fingerprint, size_t public_key_fingerprint_size)
 {
+	gboolean ret = TRUE;
 	EVP_PKEY *pubkey = NULL;
 	char *cert_fingerprint_hex = NULL;
 	char *public_key_fingerprint_hex = NULL;

 	BIO *bio = NULL;
 	char buffer[128];
-	size_t length;
+	ssize_t length;

-	g_return_if_fail(tls != NULL);
-	g_return_if_fail(cert != NULL);
+	g_return_val_if_fail(tls != NULL, FALSE);
+	g_return_val_if_fail(cert != NULL, FALSE);

 	pubkey = X509_get_pubkey(cert);

@ -648,6 +649,11 @@ static void set_pubkey_info(TLS_REC *tls, X509 *cert, unsigned char *cert_finger
 	bio = BIO_new(BIO_s_mem());
 	ASN1_TIME_print(bio, X509_get_notBefore(cert));
 	length = BIO_read(bio, buffer, sizeof(buffer));
+	if (length < 0) {
+		ret = FALSE;
+		BIO_free(bio);
+		goto done;
+	}
 	buffer[length] = '\0';
 	BIO_free(bio);
 	tls_rec_set_not_before(tls, buffer);
@ -656,13 +662,21 @@ static void set_pubkey_info(TLS_REC *tls, X509 *cert, unsigned char *cert_finger
 	bio = BIO_new(BIO_s_mem());
 	ASN1_TIME_print(bio, X509_get_notAfter(cert));
 	length = BIO_read(bio, buffer, sizeof(buffer));
+	if (length < 0) {
+		ret = FALSE;
+		BIO_free(bio);
+		goto done;
+	}
 	buffer[length] = '\0';
 	BIO_free(bio);
 	tls_rec_set_not_after(tls, buffer);

+done:
 	g_free(cert_fingerprint_hex);
 	g_free(public_key_fingerprint_hex);
 	EVP_PKEY_free(pubkey);
+
+	return ret;
 }

 static void set_peer_cert_chain_info(TLS_REC *tls, SSL *ssl)
@ -881,7 +895,11 @@ int irssi_ssl_handshake(GIOChannel *handle)

 	tls = tls_create_rec();
 	set_cipher_info(tls, chan->ssl);
-	set_pubkey_info(tls, cert, cert_fingerprint, cert_fingerprint_size, pubkey_fingerprint, pubkey_fingerprint_size);
+	if (! set_pubkey_info(tls, cert, cert_fingerprint, cert_fingerprint_size, pubkey_fingerprint, pubkey_fingerprint_size)) {
+		g_warning("Couldn't set pubkey information");
+		ret = 0;
+		goto done;
+	}
 	set_peer_cert_chain_info(tls, chan->ssl);
 	set_server_temporary_key_info(tls, chan->ssl);