diff --git a/ChangeLog b/ChangeLog index 8415d24e3..3bc0a6a84 100644 --- a/ChangeLog +++ b/ChangeLog @@ -117,6 +117,10 @@ Features errors on use of deprecated functions. Bugfix + * Fix bug in ssl_mail_client when password is longer that username (found + by Bruno Pape). + * Fix undefined behaviour (memcmp( NULL, NULL, 0 );) in X.509 modules + (detected by Clang's 3.6 UBSan). * mpi_size() and mpi_msb() would segfault when called on an mpi that is initialized but not set (found by pravic). * Fix detection of support for getrandom() on Linux (reported by syzzer) by diff --git a/library/x509_crl.c b/library/x509_crl.c index 9e4a9e172..a915abacc 100644 --- a/library/x509_crl.c +++ b/library/x509_crl.c @@ -463,7 +463,8 @@ int mbedtls_x509_crl_parse_der( mbedtls_x509_crl *chain, if( crl->sig_oid.len != sig_oid2.len || memcmp( crl->sig_oid.p, sig_oid2.p, crl->sig_oid.len ) != 0 || sig_params1.len != sig_params2.len || - memcmp( sig_params1.p, sig_params2.p, sig_params1.len ) != 0 ) + ( sig_params1.len != 0 && + memcmp( sig_params1.p, sig_params2.p, sig_params1.len ) != 0 ) ) { mbedtls_x509_crl_free( crl ); return( MBEDTLS_ERR_X509_SIG_MISMATCH ); diff --git a/library/x509_crt.c b/library/x509_crt.c index 529e96b1a..6aab3bfcc 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -758,7 +758,8 @@ static int x509_crt_parse_der_core( mbedtls_x509_crt *crt, const unsigned char * if( crt->sig_oid.len != sig_oid2.len || memcmp( crt->sig_oid.p, sig_oid2.p, crt->sig_oid.len ) != 0 || sig_params1.len != sig_params2.len || - memcmp( sig_params1.p, sig_params2.p, sig_params1.len ) != 0 ) + ( sig_params1.len != 0 && + memcmp( sig_params1.p, sig_params2.p, sig_params1.len ) != 0 ) ) { mbedtls_x509_crt_free( crt ); return( MBEDTLS_ERR_X509_SIG_MISMATCH ); diff --git a/programs/ssl/ssl_mail_client.c b/programs/ssl/ssl_mail_client.c index 6043b07d9..8abe7406c 100644 --- a/programs/ssl/ssl_mail_client.c +++ b/programs/ssl/ssl_mail_client.c @@ -711,7 +711,7 @@ int main( int argc, char *argv[] ) mbedtls_printf( " > Write username to server: %s", opt.user_name ); fflush( stdout ); - n = sizeof( buf ); + n = sizeof( base ); ret = mbedtls_base64_encode( base, &n, (const unsigned char *) opt.user_name, strlen( opt.user_name ) ); @@ -732,6 +732,7 @@ int main( int argc, char *argv[] ) mbedtls_printf( " > Write password to server: %s", opt.user_pwd ); fflush( stdout ); + n = sizeof( base ); ret = mbedtls_base64_encode( base, &n, (const unsigned char *) opt.user_pwd, strlen( opt.user_pwd ) ); diff --git a/tests/compat.sh b/tests/compat.sh index 97938e09c..eac189110 100755 --- a/tests/compat.sh +++ b/tests/compat.sh @@ -751,7 +751,7 @@ setup_arguments() P_SERVER_ARGS="server_port=$PORT server_addr=0.0.0.0 force_version=$MODE arc4=1" O_SERVER_ARGS="-accept $PORT -cipher NULL,ALL -$MODE" G_SERVER_ARGS="-p $PORT --http $G_MODE" - G_SERVER_PRIO="EXPORT:+NULL:+MD5:+PSK:+DHE-PSK:+ECDHE-PSK:+RSA-PSK:-VERS-TLS-ALL:$G_PRIO_MODE" + G_SERVER_PRIO="NORMAL:+ARCFOUR-128:+NULL:+MD5:+PSK:+DHE-PSK:+ECDHE-PSK:+RSA-PSK:-VERS-TLS-ALL:$G_PRIO_MODE" # with OpenSSL 1.0.1h, -www, -WWW and -HTTP break DTLS handshakes if is_dtls "$MODE"; then