From 0f90c4de9f58070a423003ec6b34ef1a9a670ec9 Mon Sep 17 00:00:00 2001
From: Bernd Edlinger <bernd.edlinger@hotmail.de>
Date: Sat, 13 May 2023 09:04:18 +0200
Subject: [PATCH] Fix stack corruption in ui_read
This is an alternative to #20893
Additionally this fixes also a possible issue in UI_UTIL_read_pw:
When UI_new returns NULL, the result code would still be zero
as if UI_UTIL_read_pw succeeded, but the password buffer is left
uninitialized, with subsequent possible stack corruption or worse.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20957)
(cherry picked from commit a64c48cff88e032cf9513578493c4536df725a22)
---
crypto/ui/ui_lib.c | 4 ++++
crypto/ui/ui_util.c | 4 +---
2 files changed, 5 insertions(+), 3 deletions(-)
diff --git a/crypto/ui/ui_lib.c b/crypto/ui/ui_lib.c
index 49cc45057c..daf11c7a0d 100644
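--- a/crypto/ui/ui_lib.c
+++ b/crypto/ui/ui_lib.c
@@ -529,6 +529,10 @@ int UI_process(UI *ui)
 ok = 0;
 break;
 }
+ } else {
+ ui->flags &= ~UI_FLAG_REDOABLE;
+ ok = -2;
+ goto err;
 }
 }
 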
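Review bot: The new `else` branch in `UI_process` returns `-2` and clears `UI_FLAG_REDOABLE` without a comment, so a reader cannot tell why a UI method with no reader is reported with that code rather than as an ordinary error. From the visible lines this branch is what stops the loop from finishing with `ok = 0` when nothing filled the result buffers, which appears to be the stack corruption named in the subject; stating that at the branch keeps it from later being removed as unreachable. I would add `/* No reader method: the result buffers were never written, so do not report success */` above `ui->flags &= ~UI_FLAG_REDOABLE;`. The body of `UI_process` starts and ends outside this hunk, so whether the `err:` path records an error for `-2` should be confirmed there.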
diff --git a/crypto/ui/ui_util.c b/crypto/ui/ui_util.c
index 32a3c4e38d..e582252da6 100644
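--- a/crypto/ui/ui_util.c
+++ b/crypto/ui/ui_util.c
@@ -32,7 +32,7 @@ int UI_UTIL_read_pw_string(char *buf, int length, const char *prompt,
 int UI_UTIL_read_pw(char *buf, char *buff, int size, const char *prompt,
 int verify)
 {
- int ok = 0;
+ int ok = -2;
 UI *ui;
 
 if (size < 1)
@@ -47,8 +47,6 @@ int UI_UTIL_read_pw(char *buf, char *buff, int size, const char *prompt,
 ok = UI_process(ui);
 UI_free(ui);
 }
- if (ok > 0)
- ok = 0;
 return ok;
 }
 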
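Review bot: Dropping the `if (ok > 0) ok = 0;` clamp at the end of `UI_UTIL_read_pw` lets any positive value from `UI_process(ui)` reach the caller, and nothing in these hunks documents that `UI_process` never returns one. Callers that treat only negative results as failure and callers that treat any non-zero result as failure would then disagree on whether the password buffer was filled. The new initial value `-2` is also what a failed `UI_new()` (the case described in the commit message) now returns, the same code the ui_lib.c hunk assigns on its no-reader path; a comment on the declaration such as `/* stays -2 unless UI_process() runs: buf has not been filled */` would record that contract. The function body between the two hunks is not shown, so the value returned for `size < 1` should be checked against the same contract.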
--
2.27.0