Security fix.

7c517a04 · Ben Laurie · d78e5298 · 7c517a04 · 7c517a04
隐藏空白更改
内联并排

Showing with 20 addition and 22 deletion

CHANGES CHANGES +3 -0

crypto/ui/ui_openssl.c crypto/ui/ui_openssl.c +17 -22

未找到文件。
--- a/CHANGES
+++ b/CHANGES
@@ -12,6 +12,9 @@
         *) applies to 0.9.6a/0.9.6b/0.9.6c and 0.9.7
         +) applies to 0.9.7 only

+  +) SECURITY: remove unsafe setjmp/signal interaction from ui_openssl.c.
+     [Ben Laurie and Theo de Raadt]
+
  *) Fix BN_rand_range bug pointed out by Dominikus Scherkl
     <Dominikus.Scherkl@biodata.com>.  (The previous implementation
     worked incorrectly for those cases where  range = 10..._2  and

--- a/crypto/ui/ui_openssl.c
+++ b/crypto/ui/ui_openssl.c
@@ -148,7 +148,6 @@
 #include <signal.h>
 #include <stdio.h>
 #include <string.h>
-#include <setjmp.h>
 #include <errno.h>

 #ifdef OPENSSL_SYS_VMS		/* prototypes for sys$whatever */
@@ -256,7 +255,6 @@ static struct sigaction savsig[NX509_SIG];
 #else
 static void (*savsig[NX509_SIG])(int );
 #endif
-static jmp_buf save;

 #ifdef OPENSSL_SYS_VMS
 static struct IOSB iosb;
@@ -374,6 +372,8 @@ static void read_till_nl(FILE *in)
 		} while (strchr(buf,'\n') == NULL);
 	}

+static sig_atomic_t intr_signal;
+
 static int read_string_inner(UI *ui, UI_STRING *uis, int echo, int strip_nl)
 	{
 	static int ps;
@@ -383,29 +383,31 @@ static int read_string_inner(UI *ui, UI_STRING *uis, int echo, int strip_nl)
 	char *p;

 #ifndef OPENSSL_SYS_WIN16
-	if ((ok = setjmp(save)))
-		{
-		if (ok == 1) ok=0;
-		goto error;
-		}
+	intr_signal=0;
 	ok=0;
 	ps=0;

 	pushsig();
 	ps=1;

-	if (!echo) noecho_console(ui);
+	if (!echo && !noecho_console(ui))
+		goto error;
 	ps=2;

 	result[0]='\0';
 #ifdef OPENSSL_SYS_MSDOS
 	if (!echo)
+		{
 		noecho_fgets(result,maxsize,tty_in);
+		p=result; /* FIXME: noecho_fgets doesn't return errors */
+		}
 	else
-		fgets(result,maxsize,tty_in);
+		p=fgets(result,maxsize,tty_in);
 #else
-	fgets(result,maxsize,tty_in);
+	p=fgets(result,maxsize,tty_in);
 #endif
+	if(!p)
+		goto error;
 	if (feof(tty_in)) goto error;
 	if (ferror(tty_in)) goto error;
 	if ((p=(char *)strchr(result,'\n')) != NULL)
@@ -419,9 +421,11 @@ static int read_string_inner(UI *ui, UI_STRING *uis, int echo, int strip_nl)
 		ok=1;

 error:
+	if (intr_signal == SIGINT)
+		ok=-1;
 	if (!echo) fprintf(tty_out,"\n");
-	if (ps >= 2 && !echo)
-		echo_console(ui);
+	if (ps >= 2 && !echo && !echo_console(ui))
+		ok=0;

 	if (ps >= 1)
 		popsig();
@@ -602,18 +606,9 @@ static void popsig(void)

 static void recsig(int i)
 	{
-	switch(i)
-		{
-	case SIGINT:
-		longjmp(save,-1);
-		break;
-	default:
-		break;
-		}
-	longjmp(save,1);
+	intr_signal=i;
 	}

-
 /* Internal functions specific for Windows */
 #if defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_WIN16)
 static int noecho_fgets(char *buf, int size, FILE *tty)