From 5aebeeb5f469ede0cd12839718fca66c05f9757b Mon Sep 17 00:00:00 2001
From: Ron Eldor
Date: Wed, 22 May 2019 16:41:21 +0300
Subject: [PATCH 1/2] Set next sequence of subject_alt_names to NULL

Set the next sequence of the subject_alt_name to NULL when deleting sequence on failure in `get_subject_alt_name()`. Found by Philippe Antoine. Credit to OSS-Fuzz.
---
 ChangeLog | 3 +++
 library/x509_crt.c | 1 +
 2 files changed, 4 insertions(+)

diff --git a/ChangeLog b/ChangeLog
index d33369272..6ac3e781b 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -46,6 +46,9 @@ Bugfix
 for the parameter.
 * Add a check for MBEDTLS_X509_CRL_PARSE_C in ssl_server2, guarding the crl sni entry parameter. Reported by inestlerode in #560.
+ * Set the next sequence of the subject_alt_name to NULL when deleting
+ sequence on failure. Found and fix suggested by Philippe Antoine.
+ Credit to OSS-Fuzz.
 API Changes
 * Extend the MBEDTLS_SSL_EXPORT_KEYS to export the handshake randbytes,
diff --git a/library/x509_crt.c b/library/x509_crt.c
index 708dbf771..dfd22f6e5 100644
--- a/library/x509_crt.c
+++ b/library/x509_crt.c
@@ -681,6 +681,7 @@ static int x509_get_subject_alt_name( unsigned char **p,
 sizeof( mbedtls_x509_sequence ) );
 mbedtls_free( seq_prv );
 }
+ subject_alt_name->next = NULL;
 return( ret );
 }
From 56f071fb9eff8673f289badd9c92931fdcf3df5c Mon Sep 17 00:00:00 2001
From: Ron Eldor
Date: Wed, 22 May 2019 17:21:08 +0300
Subject: [PATCH 2/2] Add negative test for malformed SAN

Add a negative test for a malformed SAN extension.
---
 tests/suites/test_suite_x509parse.data | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data
index ab3880a05..ec5c057a6 100644
--- a/tests/suites/test_suite_x509parse.data
+++ b/tests/suites/test_suite_x509parse.data
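Review bot: The added `subject_alt_name->next = NULL;` after the cleanup loop carries no comment tying it to the frees above it, and because x509_get_subject_alt_name's head (and whatever guards the loop) lies outside the hunk it is not visible whether this exit is reached only when `ret != 0`; if the loop and the reset also run on the success path, the reset would detach the freshly parsed chain from the head entry the caller passed in. Assuming it is error-path only, the line is the right fix: the head entry is owned by the caller and survives the loop, so a stale `next` would presumably be followed into freed memory (use-after-free or double free) by whoever later releases the certificate. Suggest `/* Nodes after the head were freed above; clear the stale link so later cleanup cannot walk freed memory. */` above the assignment, and, if the function has a single failure exit, placing the reset there so the invariant is obvious at a glance.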
@@ -1214,6 +1214,10 @@ X509 Certificate ASN1 (TBSCertificate v3, ext CertificatePolicies tag, qualifier
 depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C
 x509parse_crt:"308198308195a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa101aaa201bba30c300a301F0603551d2004183020301F0603551D200418301630140604551D2000300C300A06082B0601050507020101010100":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+X509 Certificate ASN1 (TBSCertificate v3, ext SubjectAlternativeName malformed)
+depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA1_C
+x509parse_crt:"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":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+
 X509 Certificate ASN1 (TBSCertificate v3, ext BasicContraint tag, bool len missing)
 depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C
 x509parse_crt:"308198308195a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa101aaa201bba30c300a30060603551d1301010100":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_OUT_OF_DATA
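Review bot: The new case pins only the return code `MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_OUT_OF_DATA`, which the parser presumably already produced before the companion fix; the defect being fixed is a stale `next` link left in the partially built SAN chain, which does not change the return value and only surfaces when the freed chain is walked later. The case therefore guards against regression only when the suite runs under a memory checker such as ASan or Valgrind, and that should be stated where a future maintainer will see it, for example by extending the test name to `ext SubjectAlternativeName malformed (stale next link, needs memcheck)` or by saying so in the commit message.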