From 33e60e8e78543462d31e8c6a7c3577ffe18b6647 Mon Sep 17 00:00:00 2001
From: tpearson
Date: Wed, 29 Sep 2010 05:15:51 +0000
Subject: Critical security patches for the following vulnerabilities: CVE-2009-0689 CVE-2009-1687 CVE-2009-1690 CVE-2009-1698 CVE-2009-2702
git-svn-id: svn://anonsvn.kde.org/home/kde/branches/trinity/kdelibs@1180823 283d02a7-25f6-0310-bc7c-ecb5cbfe19da
---
 kio/kssl/kopenssl.cc | 7 +++++++
 kio/kssl/kopenssl.h | 5 +++++
 kio/kssl/ksslcertificate.cc | 4 +++-
 3 files changed, 15 insertions(+), 1 deletion(-) (limited to 'kio/kssl')
diff --git a/kio/kssl/kopenssl.cc b/kio/kssl/kopenssl.cc
index ababf37a0..70d36cd8e 100644
--- a/kio/kssl/kopenssl.cc
+++ b/kio/kssl/kopenssl.cc
@@ -201,6 +201,7 @@ static int (*K_X509_NAME_add_entry_by_txt)(X509_NAME*, char*, int, unsigned char
 static X509_NAME *(*K_X509_NAME_new)() = 0L;
 static int (*K_X509_REQ_set_subject_name)(X509_REQ*,X509_NAME*) = 0L;
 static unsigned char *(*K_ASN1_STRING_data)(ASN1_STRING*) = 0L;
+static int (*K_ASN1_STRING_length)(ASN1_STRING*) = 0L;
 static STACK_OF(SSL_CIPHER) *(*K_SSL_get_ciphers)(const SSL *ssl) = 0L;
 #endif
@@ -504,6 +505,7 @@ KConfig *cfg;
 K_X509_NAME_new = (X509_NAME *(*)()) _cryptoLib->symbol("X509_NAME_new");
 K_X509_REQ_set_subject_name = (int (*)(X509_REQ*,X509_NAME*)) _cryptoLib->symbol("X509_REQ_set_subject_name");
 K_ASN1_STRING_data = (unsigned char *(*)(ASN1_STRING*)) _cryptoLib->symbol("ASN1_STRING_data");
+ K_ASN1_STRING_length = (int (*)(ASN1_STRING*)) _cryptoLib->symbol("ASN1_STRING_length");
 #endif
 }
@@ -1561,6 +1563,11 @@ unsigned char *KOpenSSLProxy::ASN1_STRING_data(ASN1_STRING *x) {
 return 0L;
 }
+int KOpenSSLProxy::ASN1_STRING_length(ASN1_STRING *x) {
+ if (K_ASN1_STRING_length) return (K_ASN1_STRING_length)(x);
+ return 0L;
+}
+
 STACK_OF(SSL_CIPHER) *KOpenSSLProxy::SSL_get_ciphers(const SSL* ssl) {
 if (K_SSL_get_ciphers) return (K_SSL_get_ciphers)(ssl);
 return 0L;
diff --git a/kio/kssl/kopenssl.h b/kio/kssl/kopenssl.h
index e4f6de0e8..24130807a 100644
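Review bot: In the new `KOpenSSLProxy::ASN1_STRING_length` wrapper (hunk at -1561), the fallback `return 0L;` makes an unresolved symbol indistinguishable from a genuinely empty string, and the `_cryptoLib->symbol("ASN1_STRING_length")` lookup added in the hunk at -504 is not checked either. With the caller this commit adds in ksslcertificate.cc, a libcrypto without that symbol would make the length comparison false for every non-empty name, so all subjectAltNames would be dropped silently; that fails closed, but it is hard to diagnose. Consider a distinct sentinel such as `return -1;` (the function returns `int`, so `0L` is also the wrong literal), or at least a comment above the wrapper stating that 0 can mean "symbol unavailable".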
--- a/kio/kssl/kopenssl.h
+++ b/kio/kssl/kopenssl.h
@@ -633,6 +633,11 @@ public:
 */
 unsigned char *ASN1_STRING_data(ASN1_STRING *x);
+ /*
+ * ASN1_STRING_length
+ */
+ int ASN1_STRING_length(ASN1_STRING *x);
+
 /*
 *
 */
diff --git a/kio/kssl/ksslcertificate.cc b/kio/kssl/ksslcertificate.cc
index 73a8451ca..285bb1d2d 100644
--- a/kio/kssl/ksslcertificate.cc
+++ b/kio/kssl/ksslcertificate.cc
@@ -1113,7 +1113,9 @@ TQStringList KSSLCertificate::subjAltNames() const {
 }
 TQString s = (const char *)d->kossl->ASN1_STRING_data(val->d.ia5);
- if (!s.isEmpty()) {
+ if (!s.isEmpty() &&
+ /* skip subjectAltNames with embedded NULs */
+ s.length() == d->kossl->ASN1_STRING_length(val->d.ia5)) {
 rc += s;
 }
 }
-- cgit v1.2.1
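Review bot: The comment added above `ASN1_STRING_length` only repeats the function name, so a caller cannot tell what the return value means. Something like `/* ASN1_STRING_length - length in bytes of the string's data (embedded NULs included); 0 if the libcrypto symbol could not be resolved */` would state the contract that the new check in ksslcertificate.cc depends on. The enclosing class starts and ends outside the hunk.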
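Review bot: The new condition compares `s.length()`, the character count of a decoded `TQString`, with the byte count from `ASN1_STRING_length`, and `s` is still built by scanning the buffer up to its first NUL. The two numbers agree only while the `const char *` constructor maps one byte to one character, which presumably depends on the C-string codec in effect, and the construction relies on the ASN.1 buffer being NUL-terminated. Doing the test on the raw bytes before decoding avoids both assumptions: fetch the pointer and length first, guard with `if (raw && len > 0 && !memchr(raw, 0, len))`, and build the string from `raw` with that explicit length. A name rejected here is also worth a debug log line, since an embedded NUL in a subjectAltName is rarely accidental. The body of `subjAltNames()` begins and ends outside the hunk.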