Fix fuzzer error - corrupted data content

olszomal 2024-02-20 15:07:14 +01:00 committed by Michał Trojnara
parent ead0584611
commit b661ed08ed


@ -1872,6 +1872,28 @@ out:
return verok; return verok;
} }
#if OPENSSL_VERSION_NUMBER<0x30000000L
static int PKCS7_type_is_other(PKCS7 *p7)
{
int isOther = 1;
int nid = OBJ_obj2nid(p7->type);
switch (nid) {
case NID_pkcs7_data:
case NID_pkcs7_signed:
case NID_pkcs7_enveloped:
case NID_pkcs7_signedAndEnveloped:
case NID_pkcs7_digest:
case NID_pkcs7_encrypted:
isOther = 0;
break;
default:
isOther = 1;
}
return isOther;
}
#endif /* OPENSSL_VERSION_NUMBER<0x30000000L */
/* /*
* [in] ctx: structure holds input and output data * [in] ctx: structure holds input and output data
* [in] p7: PKCS#7 signature * [in] p7: PKCS#7 signature
@ -1887,6 +1909,7 @@ static int verify_authenticode(FILE_FORMAT_CTX *ctx, PKCS7 *p7, time_t time, X50
BIO *bio = NULL; BIO *bio = NULL;
int verok = 0; int verok = 0;
char *url; char *url;
PKCS7 *contents = p7->d.sign->contents;
store = X509_STORE_new(); store = X509_STORE_new();
if (!store) if (!store)
@ -1915,17 +1938,32 @@ static int verify_authenticode(FILE_FORMAT_CTX *ctx, PKCS7 *p7, time_t time, X50
} }
} }
/* verify a PKCS#7 signedData structure */ /* verify a PKCS#7 signedData structure */
if (p7->d.sign->contents->d.other->type == V_ASN1_SEQUENCE) { if (PKCS7_type_is_other(contents) && (contents->d.other != NULL)
/* only verify the contents of the sequence */ && (contents->d.other->value.sequence != NULL)
int seqhdrlen; && (contents->d.other->value.sequence->length > 0)) {
seqhdrlen = asn1_simple_hdr_len(p7->d.sign->contents->d.other->value.sequence->data, if (contents->d.other->type == V_ASN1_SEQUENCE) {
p7->d.sign->contents->d.other->value.sequence->length); /* only verify the content of the sequence */
bio = BIO_new_mem_buf(p7->d.sign->contents->d.other->value.sequence->data + seqhdrlen, const unsigned char *data = contents->d.other->value.sequence->data;
p7->d.sign->contents->d.other->value.sequence->length - seqhdrlen); long len;
int inf, tag, class;
inf = ASN1_get_object(&data, &len, &tag, &class,
contents->d.other->value.sequence->length);
if (inf != V_ASN1_CONSTRUCTED || tag != V_ASN1_SEQUENCE) {
printf("Corrupted data content\n");
X509_STORE_free(store);
goto out;
}
bio = BIO_new_mem_buf(data, (int)len);
} else {
/* verify the entire value */
bio = BIO_new_mem_buf(contents->d.other->value.sequence->data,
contents->d.other->value.sequence->length);
}
} else { } else {
/* verify the entire value */ printf("Corrupted data content\n");
bio = BIO_new_mem_buf(p7->d.sign->contents->d.other->value.sequence->data, X509_STORE_free(store);
p7->d.sign->contents->d.other->value.sequence->length); goto out;
} }
printf("Signing certificate chain verified using:\n"); printf("Signing certificate chain verified using:\n");
/* /*
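Review bot: The new guard in verify_authenticode reads `contents->d.other->value.sequence` and its `length` before `contents->d.other->type` is tested, and the retained "verify the entire value" branch then uses that union member for every non-SEQUENCE type. `d.other` is an ASN1_TYPE whose value union holds an ASN1_STRING only for string-like types, so for content parsed as, say, a BOOLEAN or an OBJECT the pointer or its fields are misread, and malformed input can presumably still reach an invalid read here. Testing the tag first closes this: add `&& (contents->d.other->type == V_ASN1_SEQUENCE)` to the guard directly after the `contents->d.other != NULL` test and let every other type fall through to the "Corrupted data content" path, unless a non-SEQUENCE content is genuinely expected (not visible in these hunks). The body of verify_authenticode starts and ends outside the hunks shown, so the `out:` cleanup and any NULL check on `bio` could not be reviewed.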