nhyatt/osslsigncode
1
0
Fork 0
mirror of https://github.com/mtrojnar/osslsigncode.git synced 2025-04-05 09:08:04 -05:00
Code Issues Projects Releases Wiki Activity

use a memory allocation instead of a static variable to fix sprintf_s error stack corruption

Browse Source
This commit is contained in:
olszomal 2022-04-01 10:01:51 +02:00 committed by Michał Trojnara
parent afda3cc810
commit 3a84987107
1 changed files with 22 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

31
osslsigncode.c
View File

@ -745,7 +745,7 @@ static void tohex(const u_char *v, char *b, int len)
int i; int i;
for(i=0; i<len; i++) for(i=0; i<len; i++)
#ifdef WIN32 #ifdef WIN32
sprintf_s(b+i*2, sizeof(b+i*2), "%02X", v[i]); sprintf_s(b+i*2, 8, "%02X", v[i]);
#else #else
sprintf(b+i*2, "%02X", v[i]); sprintf(b+i*2, "%02X", v[i]);
#endif /* WIN32 */ #endif /* WIN32 */
@ -1541,7 +1541,7 @@ static SpcLink *get_page_hash_link(int phtype, char *indata, FILE_HEADER *header
{ {
u_char *ph, *p, *tmp; u_char *ph, *p, *tmp;
int l, phlen; int l, phlen;
char hexbuf[EVP_MAX_MD_SIZE*2+1]; char *hexbuf;
ASN1_TYPE *tostr; ASN1_TYPE *tostr;
SpcAttributeTypeAndOptionalValue *aval; SpcAttributeTypeAndOptionalValue *aval;
ASN1_TYPE *taval; ASN1_TYPE *taval;
@ -1555,8 +1555,10 @@ static SpcLink *get_page_hash_link(int phtype, char *indata, FILE_HEADER *header
printf("Failed to calculate page hash\n"); printf("Failed to calculate page hash\n");
return NULL; /* FAILED */ return NULL; /* FAILED */
} }
hexbuf = OPENSSL_malloc(64);
tohex(ph, hexbuf, (phlen < 32) ? phlen : 32); tohex(ph, hexbuf, (phlen < 32) ? phlen : 32);
printf("Calculated page hash : %s ...\n", hexbuf); printf("Calculated page hash : %s ...\n", hexbuf);
OPENSSL_free(hexbuf);
tostr = ASN1_TYPE_new(); tostr = ASN1_TYPE_new();
tostr->type = V_ASN1_OCTET_STRING; tostr->type = V_ASN1_OCTET_STRING;
@ -1832,7 +1834,6 @@ static int verify_leaf_hash(X509 *leaf, const char *leafhash)
int ret = 1; int ret = 1;
u_char *mdbuf = NULL, *certbuf, *tmp; u_char *mdbuf = NULL, *certbuf, *tmp;
u_char cmdbuf[EVP_MAX_MD_SIZE]; u_char cmdbuf[EVP_MAX_MD_SIZE];
char hexbuf[EVP_MAX_MD_SIZE*2+1];
const EVP_MD *md; const EVP_MD *md;
long mdlen = 0; long mdlen = 0;
EVP_MD_CTX *ctx; EVP_MD_CTX *ctx;
@ -1875,8 +1876,10 @@ static int verify_leaf_hash(X509 *leaf, const char *leafhash)
/* compare the provided hash against the computed hash */ /* compare the provided hash against the computed hash */
if (memcmp(mdbuf, cmdbuf, EVP_MD_size(md))) { if (memcmp(mdbuf, cmdbuf, EVP_MD_size(md))) {
char *hexbuf = OPENSSL_malloc(EVP_MAX_MD_SIZE*2);
tohex(cmdbuf, hexbuf, EVP_MD_size(md)); tohex(cmdbuf, hexbuf, EVP_MD_size(md));
printf("\nHash value mismatch: %s computed\n", hexbuf); printf("\nHash value mismatch: %s computed\n", hexbuf);
OPENSSL_free(hexbuf);
goto out; goto out;
} }
@ -2240,7 +2243,7 @@ out:
*/ */
static int print_attributes(SIGNATURE *signature, int verbose) static int print_attributes(SIGNATURE *signature, int verbose)
{ {
char hexbuf[EVP_MAX_MD_SIZE*2+1]; char *hexbuf;
u_char *mdbuf; u_char *mdbuf;
int len; int len;
@ -2252,8 +2255,10 @@ static int print_attributes(SIGNATURE *signature, int verbose)
(signature->md_nid == NID_undef) ? "UNKNOWN" : OBJ_nid2sn(signature->md_nid)); (signature->md_nid == NID_undef) ? "UNKNOWN" : OBJ_nid2sn(signature->md_nid));
mdbuf = (u_char *)ASN1_STRING_get0_data(signature->digest); mdbuf = (u_char *)ASN1_STRING_get0_data(signature->digest);
len = ASN1_STRING_length(signature->digest); len = ASN1_STRING_length(signature->digest);
hexbuf = OPENSSL_malloc(EVP_MAX_MD_SIZE*2);
tohex(mdbuf, hexbuf, len); tohex(mdbuf, hexbuf, len);
printf("\tMessage digest: %s\n", hexbuf); printf("\tMessage digest: %s\n", hexbuf);
OPENSSL_free(hexbuf);
printf("\tSigning time: "); printf("\tSigning time: ");
print_time_t(signature->signtime); print_time_t(signature->signtime);
@ -2518,7 +2523,6 @@ static int TST_verify(CMS_ContentInfo *timestamp, PKCS7_SIGNER_INFO *si)
TimeStampToken *token = NULL; TimeStampToken *token = NULL;
const u_char *p = NULL; const u_char *p = NULL;
u_char mdbuf[EVP_MAX_MD_SIZE]; u_char mdbuf[EVP_MAX_MD_SIZE];
char hexbuf[EVP_MAX_MD_SIZE*2+1];
const EVP_MD *md; const EVP_MD *md;
EVP_MD_CTX *mdctx; EVP_MD_CTX *mdctx;
int md_nid; int md_nid;
@ -2545,6 +2549,7 @@ static int TST_verify(CMS_ContentInfo *timestamp, PKCS7_SIGNER_INFO *si)
hash = token->messageImprint->digest; hash = token->messageImprint->digest;
/* hash->length == EVP_MD_size(md) */ /* hash->length == EVP_MD_size(md) */
if (memcmp(mdbuf, hash->data, hash->length)) { if (memcmp(mdbuf, hash->data, hash->length)) {
char *hexbuf = OPENSSL_malloc(EVP_MAX_MD_SIZE*2);
tohex(mdbuf, hexbuf, EVP_MD_size(md)); tohex(mdbuf, hexbuf, EVP_MD_size(md));
printf("Hash value mismatch:\n\tMessage digest algorithm: %s\n", printf("Hash value mismatch:\n\tMessage digest algorithm: %s\n",
(md_nid == NID_undef) ? "UNKNOWN" : OBJ_nid2ln(md_nid)); (md_nid == NID_undef) ? "UNKNOWN" : OBJ_nid2ln(md_nid));
@ -2552,6 +2557,7 @@ static int TST_verify(CMS_ContentInfo *timestamp, PKCS7_SIGNER_INFO *si)
tohex(hash->data, hexbuf, hash->length); tohex(hash->data, hexbuf, hash->length);
printf("\tReceived message digest : %s\n" , hexbuf); printf("\tReceived message digest : %s\n" , hexbuf);
printf("File's message digest verification: failed\n"); printf("File's message digest verification: failed\n");
OPENSSL_free(hexbuf);
TimeStampToken_free(token); TimeStampToken_free(token);
return 0; /* FAILED */ return 0; /* FAILED */
} /* else Computed and received message digests matched */ } /* else Computed and received message digests matched */
@ -2953,9 +2959,9 @@ static int msi_verify_pkcs7(SIGNATURE *signature, MSI_FILE *msi, MSI_DIRENT *dir
u_char mdbuf[EVP_MAX_MD_SIZE]; u_char mdbuf[EVP_MAX_MD_SIZE];
u_char cmdbuf[EVP_MAX_MD_SIZE]; u_char cmdbuf[EVP_MAX_MD_SIZE];
u_char cexmdbuf[EVP_MAX_MD_SIZE]; u_char cexmdbuf[EVP_MAX_MD_SIZE];
char hexbuf[EVP_MAX_MD_SIZE*2+1];
const EVP_MD *md; const EVP_MD *md;
BIO *hash; BIO *hash;
char *hexbuf = OPENSSL_malloc(EVP_MAX_MD_SIZE*2);
if (is_content_type(signature->p7, SPC_INDIRECT_DATA_OBJID)) { if (is_content_type(signature->p7, SPC_INDIRECT_DATA_OBJID)) {
ASN1_STRING *content_val = signature->p7->d.sign->contents->d.other->value.sequence; ASN1_STRING *content_val = signature->p7->d.sign->contents->d.other->value.sequence;
@ -3034,6 +3040,7 @@ static int msi_verify_pkcs7(SIGNATURE *signature, MSI_FILE *msi, MSI_DIRENT *dir
out: out:
if (ret) if (ret)
ERR_print_errors_fp(stdout); ERR_print_errors_fp(stdout);
OPENSSL_free(hexbuf);
return ret; return ret;
} }
@ -3353,10 +3360,10 @@ static int pe_verify_pkcs7(SIGNATURE *signature, char *indata, FILE_HEADER *head
int ret = 1, mdok, mdtype = -1, phtype = -1; int ret = 1, mdok, mdtype = -1, phtype = -1;
u_char mdbuf[EVP_MAX_MD_SIZE]; u_char mdbuf[EVP_MAX_MD_SIZE];
u_char cmdbuf[EVP_MAX_MD_SIZE]; u_char cmdbuf[EVP_MAX_MD_SIZE];
char hexbuf[EVP_MAX_MD_SIZE*2+1];
u_char *ph = NULL; u_char *ph = NULL;
int phlen = 0; int phlen = 0;
const EVP_MD *md; const EVP_MD *md;
char *hexbuf = OPENSSL_malloc(EVP_MAX_MD_SIZE*2);
if (is_content_type(signature->p7, SPC_INDIRECT_DATA_OBJID)) { if (is_content_type(signature->p7, SPC_INDIRECT_DATA_OBJID)) {
ASN1_STRING *content_val = signature->p7->d.sign->contents->d.other->value.sequence; ASN1_STRING *content_val = signature->p7->d.sign->contents->d.other->value.sequence;
@ -3417,6 +3424,7 @@ out:
if (ret) if (ret)
ERR_print_errors_fp(stdout); ERR_print_errors_fp(stdout);
OPENSSL_free(ph); OPENSSL_free(ph);
OPENSSL_free(hexbuf);
return ret; return ret;
} }
@ -3816,8 +3824,8 @@ static int cab_verify_pkcs7(SIGNATURE *signature, char *indata, FILE_HEADER *hea
int ret = 1, mdok, mdtype = -1; int ret = 1, mdok, mdtype = -1;
u_char mdbuf[EVP_MAX_MD_SIZE]; u_char mdbuf[EVP_MAX_MD_SIZE];
u_char cmdbuf[EVP_MAX_MD_SIZE]; u_char cmdbuf[EVP_MAX_MD_SIZE];
char hexbuf[EVP_MAX_MD_SIZE*2+1];
const EVP_MD *md; const EVP_MD *md;
char *hexbuf = OPENSSL_malloc(EVP_MAX_MD_SIZE*2);
if (is_content_type(signature->p7, SPC_INDIRECT_DATA_OBJID)) { if (is_content_type(signature->p7, SPC_INDIRECT_DATA_OBJID)) {
ASN1_STRING *content_val = signature->p7->d.sign->contents->d.other->value.sequence; ASN1_STRING *content_val = signature->p7->d.sign->contents->d.other->value.sequence;
@ -3856,6 +3864,7 @@ static int cab_verify_pkcs7(SIGNATURE *signature, char *indata, FILE_HEADER *hea
out: out:
if (ret) if (ret)
ERR_print_errors_fp(stdout); ERR_print_errors_fp(stdout);
OPENSSL_free(hexbuf);
return ret; return ret;
} }
@ -4209,7 +4218,6 @@ static int cat_verify_member(CatalogAuthAttr *attribute, char *indata, FILE_HEAD
int mdok, mdtype = -1, phtype = -1; int mdok, mdtype = -1, phtype = -1;
u_char mdbuf[EVP_MAX_MD_SIZE]; u_char mdbuf[EVP_MAX_MD_SIZE];
u_char cmdbuf[EVP_MAX_MD_SIZE]; u_char cmdbuf[EVP_MAX_MD_SIZE];
char hexbuf[EVP_MAX_MD_SIZE*2+1];
int phlen = 0; int phlen = 0;
const EVP_MD *md; const EVP_MD *md;
ASN1_TYPE *content; ASN1_TYPE *content;
@ -4267,17 +4275,20 @@ static int cat_verify_member(CatalogAuthAttr *attribute, char *indata, FILE_HEAD
} }
mdok = !memcmp(mdbuf, cmdbuf, EVP_MD_size(md)); mdok = !memcmp(mdbuf, cmdbuf, EVP_MD_size(md));
if (mdok) { if (mdok) {
char *hexbuf = OPENSSL_malloc(EVP_MAX_MD_SIZE*2);
printf("Message digest algorithm : %s\n", OBJ_nid2sn(mdtype)); printf("Message digest algorithm : %s\n", OBJ_nid2sn(mdtype));
tohex(mdbuf, hexbuf, EVP_MD_size(md)); tohex(mdbuf, hexbuf, EVP_MD_size(md));
printf("Current message digest : %s\n", hexbuf); printf("Current message digest : %s\n", hexbuf);
tohex(cmdbuf, hexbuf, EVP_MD_size(md)); tohex(cmdbuf, hexbuf, EVP_MD_size(md));
printf("Calculated message digest : %s\n\n", hexbuf); printf("Calculated message digest : %s\n\n", hexbuf);
OPENSSL_free(hexbuf);
} else { } else {
goto out; goto out;
} }
if (phlen > 0) { if (phlen > 0) {
int cphlen = 0; int cphlen = 0;
char *hexbuf = OPENSSL_malloc(EVP_MAX_MD_SIZE*2);
u_char *cph; u_char *cph;
cph = pe_calc_page_hash(indata, header->header_size, header->pe32plus, header->sigpos, phtype, &cphlen); cph = pe_calc_page_hash(indata, header->header_size, header->pe32plus, header->sigpos, phtype, &cphlen);
tohex(cph, hexbuf, (cphlen < 32) ? cphlen : 32); tohex(cph, hexbuf, (cphlen < 32) ? cphlen : 32);
@ -4289,8 +4300,10 @@ static int cat_verify_member(CatalogAuthAttr *attribute, char *indata, FILE_HEAD
printf("Page hash : %s\n", hexbuf); printf("Page hash : %s\n", hexbuf);
printf("Calculated page hash : %s\n\n", hexbuf); printf("Calculated page hash : %s\n\n", hexbuf);
} else { } else {
OPENSSL_free(hexbuf);
goto out; goto out;
} }
OPENSSL_free(hexbuf);
} }
ret = 0; /* OK */ ret = 0; /* OK */
} }