If a purpose is configured on the verify context (which it currently
never is), this check would only accept certificates for which the
purpose check fails. Also, this code is not currently reachable from
public API since x509_verify() is only ever called with a legacy xsc
set on the verify ctx, so x509_verify_ccert_extensions() takes the
path returning 1 earlier.

X509_check_purpose() is one of these strange legacy APIs. It returns -1
on error, 0 if the cert fails the purpose check, 1 if it passes it and
values between 2 and 5 indicate various legacy garbage meaning that the
cert might possibly have been fit for this purpose until around a quarter
century ago. While for CA certs the checks in "No we don't care about ..."
exclude return values > 1, it is still possible for the S/MIME purpose
to return 2 due to a workaround for some buggy NS certs, for example.
In short: anything but 1 means unfit for the purpose or at best dubious,
so reject such certs.
Reported by Frank Denis
ok kenjiro

This makes the buffer cache have only one clean cache,
and to not care about where memory is allocated from.
IO devices are expected to be able to handle IO from a
buf at any physical address.
ok kettenis@ deraadt@

When processing the control file, any file to be printed must be
located in the spool directory (e.g. dfA000foobar) either as a
regular file or a symbolic link to another file to be printed. This
matches the handling of the 'U' (unlink) directive.
OK deraadt@

passed to mwx_mcu_send_firmware() does not move beyond the firmware
image. For regions flagged with FW_FEATURE_NON_DL don't forget to
increase the offset.

If a PKCS#7 S/MIME message comes with an empty set of digestAlgorithms
in the SignedData, PKCS7_verify() would incorrectly free a caller-owned
buffer. Fix the freeing logic to avoid this situation.
From Igor Ustinov via OpenSSL

If the in string is unreasonably long, assigning strlen(in) to an int
may overflow, so exclude this situation.
Moreover, the code would unconditionally multiply nchar by 2 or 4,
which could again overflow an int. Check for this situation and error
out to avoid an out of bounds write.
More may be needed in here, which will be revisited later.
Based on a diff by Viktor Dukhovni via OpenSSL.
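
The two checks described in the commit message above, sketched as an added example (this is not code from the commit or from OpenSSL). The function names and the big-endian widening of each input byte are assumptions made for illustration.

```c
#include <limits.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper: output size for nchar characters of `width` bytes
 * each. Fails if nchar is negative or nchar * width would overflow an int. */
static int
out_size(int nchar, int width, int *outlen)
{
	if (width != 1 && width != 2 && width != 4)
		return -1;
	if (nchar < 0 || nchar > INT_MAX / width)
		return -1;
	*outlen = nchar * width;
	return 0;
}

/* Hypothetical helper: narrow a size_t length to int without truncation. */
static int
len_to_int(size_t len, int *out)
{
	if (len > INT_MAX)
		return -1;
	*out = (int)len;
	return 0;
}

/* Widen each input byte to a big-endian unit of `width` bytes (assumed
 * encoding). Returns a malloc'd buffer of *outlen bytes, or NULL if any
 * length check fails, so the copy loop never writes out of bounds. */
unsigned char *
widen_string(const char *in, int width, int *outlen)
{
	unsigned char *out, *p;
	int nchar, i;

	if (in == NULL || outlen == NULL)
		return NULL;
	if (len_to_int(strlen(in), &nchar) != 0 ||
	    out_size(nchar, width, outlen) != 0)
		return NULL;
	if ((out = calloc(1, (size_t)*outlen + 1)) == NULL)
		return NULL;
	for (i = 0, p = out; i < nchar; i++, p += width)
		p[width - 1] = (unsigned char)in[i];
	return out;
}
```
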
The RFC 3211 PWRI integrity check when unwrapping the password-derived key
accesses seven bytes from a heap-allocated buffer. If an (invalid) block
cipher with short blocks is in use 2 * blocksize may not be sufficient room
for 7 bytes. In that silly case, the function performs an OOB read. Add
a length check to avoid this situation.
From Igor Ustinov via OpenSSL.

The keyDerivationAlgorithm field is OPTIONAL in the ASN.1 but required
for password-based CMS. Check that the field is present before using it
to avoid a crash.
From Igor Ustinov via OpenSSL

them - previously we were ending up with four codepoints in one cell
which tmux believed to be width 2, but terminals considered width 4.
Secondly, invalidate cursor position before redrawing the cell when the
second codepoint is received, terminals vary in how they manage
backspace and cursor movement across these characters, so it is better
to use absolute rather than relative positioning. GitHub issue 4853.

From Walter Alejandro Iglesias who reports this stops garbage on screen
when resuming from hibernate without switching vt, on an unknown machine.
Avoids a similar problem on matthieu's Framework Alder Lake, and mvs'
Gemini Lake and Alder Lake machines.

Adding the scaled fractional part to whole may result in a signed overflow.
Guard against this by adding checks before subtracting or adding.
problem pointed out by a friend of claudio's
fix looks good to claudio, ok djm

The point at infinity would previously raise EC_R_POINT_AT_INFINITY via
EC_POINT_get_affine_coordinates(). For consistency, also raise an error
for off-curve points.
pointed out by/ok kenjiro

from miod@ ok jsg@

This round of commits was prompted by a double-free report
from Andrew Griffiths at Calif.
server nfs request mbuf pointers were stored in two structs:
nmi_mrep in struct nfsm_info
nd_mrep in struct nfsrv_descript
but only set to NULL after m_freem() in nmi_mrep
This problem is avoided by removing the use of struct nfsm_info
in the server paths and passing struct nfsrv_descript to
new versions of the nfsm functions.