Bug#15883127: PORT FIX FOR BUG #13904906 TO MYSQL 5.1

Description: Updated yassl to version 2.2.2
author: Harin Vadodaria <harin.vadodaria@oracle.com> 2012-11-21 19:12:20 +0530
committer: Harin Vadodaria <harin.vadodaria@oracle.com> 2012-11-21 19:12:20 +0530
commit: 43062dba3ac0d1887a890ddbd364aa81a3a0208f (patch)
tree: 3d6a5f6ba96eaa5f03b0840b4557c7648b06decd /extra/yassl/taocrypt/src
parent: a46adb0f9827e8b06c76591b5da3adea4a0b6301 (diff)
download: mariadb-git-43062dba3ac0d1887a890ddbd364aa81a3a0208f.tar.gz
2 files changed, 24 insertions, 1 deletions
diff --git a/extra/yassl/taocrypt/src/asn.cpp b/extra/yassl/taocrypt/src/asn.cpp
index 5ec4cac1c44..ad054809879 100644
--- a/extra/yassl/taocrypt/src/asn.cpp
+++ b/extra/yassl/taocrypt/src/asn.cpp
@@ -154,6 +154,8 @@ word32 GetLength(Source& source)
     else
         length = b;
 
+    if (source.IsLeft(length) == false) return 0;
+
     return length;
 }
 
@@ -832,7 +834,7 @@ void CertDecoder::GetName(NameType nt)
             if (email) {
                 if (!(ptr = AddTag(ptr, buf_end, "/emailAddress=", 14, length))) {
                     source_.SetError(CONTENT_E);
-                    return; 
+                    return;
                 }
             }
 
diff --git a/extra/yassl/taocrypt/src/coding.cpp b/extra/yassl/taocrypt/src/coding.cpp
index 8647ea13f20..ba485eea77e 100644
--- a/extra/yassl/taocrypt/src/coding.cpp
+++ b/extra/yassl/taocrypt/src/coding.cpp
@@ -103,6 +103,16 @@ void HexDecoder::Decode()
         byte b  = coded_.next() - 0x30;  // 0 starts at 0x30
         byte b2 = coded_.next() - 0x30;
 
+        // sanity checks
+        if (b >= sizeof(hexDecode)/sizeof(hexDecode[0])) {
+            coded_.SetError(PEM_E);
+            return;
+        }
+        if (b2 >= sizeof(hexDecode)/sizeof(hexDecode[0])) {
+            coded_.SetError(PEM_E);
+            return;
+        }
+
         b  = hexDecode[b];
         b2 = hexDecode[b2];
 
@@ -178,6 +188,7 @@ void Base64Decoder::Decode()
 {
     word32 bytes = coded_.size();
     word32 plainSz = bytes - ((bytes + (pemLineSz - 1)) / pemLineSz); 
+    const  byte maxIdx = (byte)sizeof(base64Decode) + 0x2B - 1;
     plainSz = ((plainSz * 3) / 4) + 3;
     decoded_.New(plainSz);
 
@@ -200,6 +211,16 @@ void Base64Decoder::Decode()
         if (e4 == pad)
             pad4 = true;
 
+        if (e1 < 0x2B || e2 < 0x2B || e3 < 0x2B || e4 < 0x2B) {
+            coded_.SetError(PEM_E);
+            return;
+        }
+
+        if (e1 > maxIdx || e2 > maxIdx || e3 > maxIdx || e4 > maxIdx) {
+            coded_.SetError(PEM_E);
+            return;
+        }
+
         e1 = base64Decode[e1 - 0x2B];
         e2 = base64Decode[e2 - 0x2B];
         e3 = (e3 == pad) ? 0 : base64Decode[e3 - 0x2B];
author	Harin Vadodaria <harin.vadodaria@oracle.com>	2012-11-21 19:12:20 +0530
committer	Harin Vadodaria <harin.vadodaria@oracle.com>	2012-11-21 19:12:20 +0530
commit	43062dba3ac0d1887a890ddbd364aa81a3a0208f (patch)
tree	3d6a5f6ba96eaa5f03b0840b4557c7648b06decd /extra/yassl/taocrypt/src
parent	a46adb0f9827e8b06c76591b5da3adea4a0b6301 (diff)
download	mariadb-git-43062dba3ac0d1887a890ddbd364aa81a3a0208f.tar.gz