Commit 24f6093e authored by Georgi Kodinov's avatar Georgi Kodinov

weave merge mysql-5.0->mysql-5.0-security

parents 7ac4179e 7c669c7c
......@@ -5,7 +5,7 @@ For the avoidance of doubt, this particular copy of the software
is released under the version 2 of the GNU General Public License.
MySQL is brought to you by Oracle.
Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved.
Copyright (c) 2000, 2012, Oracle and/or its affiliates. All rights reserved.
License information can be found in the COPYING file.
......
......@@ -21,8 +21,7 @@ See normal build instructions below under 1.0.6.
See libcurl build instructions below under 1.3.0 and note in 1.5.8.
*****************yaSSL Release notes, version 1.9.9 (1/26/2010)
yaSSL Release notes, version 2.0.0 (7/6/2010)
*****************yaSSL Release notes, version 2.0.0 (7/6/2010)
This release of yaSSL contains bug fixes, new testing certs,
and a security patch for a potential heap overflow on forged application
......
/*
Copyright (c) 2005-2007 MySQL AB, 2008 Sun Microsystems, Inc.
Copyright (c) 2005, 2012, Oracle and/or its affiliates. All rights reserved.
Use is subject to license terms.
This program is free software; you can redistribute it and/or modify
......@@ -35,7 +35,7 @@
#include "rsa.h"
#define YASSL_VERSION "2.1.4"
#define YASSL_VERSION "2.2.0"
#if defined(__cplusplus)
......
/*
Copyright (c) 2005, 2010, Oracle and/or its affiliates. All rights reserved.
Copyright (c) 2005, 2012, Oracle and/or its affiliates. All rights reserved.
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
......@@ -1087,19 +1087,37 @@ void Certificate::Process(input_buffer& input, SSL& ssl)
uint32 list_sz;
byte tmp[3];
if (input.get_remaining() < sizeof(tmp)) {
ssl.SetError(YasslError(bad_input));
return;
}
tmp[0] = input[AUTO];
tmp[1] = input[AUTO];
tmp[2] = input[AUTO];
c24to32(tmp, list_sz);
if (list_sz > (uint)MAX_RECORD_SIZE) { // sanity check
ssl.SetError(YasslError(bad_input));
return;
}
while (list_sz) {
// cert size
uint32 cert_sz;
if (input.get_remaining() < sizeof(tmp)) {
ssl.SetError(YasslError(bad_input));
return;
}
tmp[0] = input[AUTO];
tmp[1] = input[AUTO];
tmp[2] = input[AUTO];
c24to32(tmp, cert_sz);
if (cert_sz > (uint)MAX_RECORD_SIZE || input.get_remaining() < cert_sz){
ssl.SetError(YasslError(bad_input));
return;
}
x509* myCert;
cm.AddPeerCert(myCert = NEW_YS x509(cert_sz));
input.read(myCert->use_buffer(), myCert->get_length());
......
/*
Copyright (c) 2005, 2011, Oracle and/or its affiliates. All rights reserved.
Copyright (c) 2005, 2012, Oracle and/or its affiliates. All rights reserved.
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
......@@ -308,8 +308,9 @@ SSL::SSL(SSL_CTX* ctx)
SetError(YasslError(err));
return;
}
else if (serverSide) {
else if (serverSide && ctx->GetCiphers().setSuites_ == 0) {
// remove RSA or DSA suites depending on cert key type
// but don't override user sets
ProtocolVersion pv = secure_.get_connection().version_;
bool removeDH = secure_.use_parms().removeDH_;
......
/*
Copyright (C) 2000-2007 MySQL AB
Copyright (C) 2000, 2012, Oracle and/or its affiliates. All rights reserved.
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
......@@ -39,25 +39,32 @@ public:
explicit Source(word32 sz = 0) : buffer_(sz), current_(0) {}
Source(const byte* b, word32 sz) : buffer_(b, sz), current_(0) {}
word32 remaining() { if (GetError().What()) return 0;
else return buffer_.size() - current_; }
word32 size() const { return buffer_.size(); }
void grow(word32 sz) { buffer_.CleanGrow(sz); }
bool IsLeft(word32 sz) { if (remaining() >= sz) return true;
else { SetError(CONTENT_E); return false; } }
const byte* get_buffer() const { return buffer_.get_buffer(); }
const byte* get_current() const { return &buffer_[current_]; }
word32 get_index() const { return current_; }
void set_index(word32 i) { current_ = i; }
void set_index(word32 i) { if (i < size()) current_ = i; }
byte operator[] (word32 i) { current_ = i; return next(); }
byte next() { return buffer_[current_++]; }
byte prev() { return buffer_[--current_]; }
byte next() { if (IsLeft(1)) return buffer_[current_++]; else return 0; }
byte prev() { if (current_) return buffer_[--current_]; else return 0; }
void add(const byte* data, word32 len)
{
memcpy(buffer_.get_buffer() + current_, data, len);
current_ += len;
if (IsLeft(len)) {
memcpy(buffer_.get_buffer() + current_, data, len);
current_ += len;
}
}
void advance(word32 i) { current_ += i; }
void advance(word32 i) { if (IsLeft(i)) current_ += i; }
void reset(ByteBlock&);
Error GetError() { return error_; }
......
/*
Copyright (c) 2005-2007 MySQL AB, 2009, 2010 Sun Microsystems, Inc.
Copyright (c) 2005, 2012, Oracle and/or its affiliates. All rights reserved.
Use is subject to license terms.
This program is free software; you can redistribute it and/or modify
......@@ -144,6 +144,8 @@ word32 GetLength(Source& source)
if (b >= LONG_LENGTH) {
word32 bytes = b & 0x7F;
if (source.IsLeft(bytes) == false) return 0;
while (bytes--) {
b = source.next();
length = (length << 8) | b;
......@@ -578,8 +580,10 @@ void CertDecoder::StoreKey()
read = source_.get_index() - read;
length += read;
if (source_.GetError().What()) return;
while (read--) source_.prev();
if (source_.IsLeft(length) == false) return;
key_.SetSize(length);
key_.SetKey(source_.get_current());
source_.advance(length);
......@@ -611,6 +615,8 @@ void CertDecoder::AddDSA()
word32 length = GetLength(source_);
length += source_.get_index() - idx;
if (source_.IsLeft(length) == false) return;
key_.AddToEnd(source_.get_buffer() + idx, length);
}
......@@ -620,6 +626,8 @@ word32 CertDecoder::GetAlgoId()
{
if (source_.GetError().What()) return 0;
word32 length = GetSequence();
if (source_.GetError().What()) return 0;
byte b = source_.next();
if (b != OBJECT_IDENTIFIER) {
......@@ -628,8 +636,9 @@ word32 CertDecoder::GetAlgoId()
}
length = GetLength(source_);
if (source_.IsLeft(length) == false) return 0;
word32 oid = 0;
while(length--)
oid += source_.next(); // just sum it up for now
......@@ -662,6 +671,10 @@ word32 CertDecoder::GetSignature()
}
sigLength_ = GetLength(source_);
if (sigLength_ == 0 || source_.IsLeft(sigLength_) == false) {
source_.SetError(CONTENT_E);
return 0;
}
b = source_.next();
if (b != 0) {
......@@ -728,6 +741,7 @@ void CertDecoder::GetName(NameType nt)
if (length >= ASN_NAME_MAX)
return;
if (source_.IsLeft(length) == false) return;
length += source_.get_index();
char* ptr;
......@@ -753,7 +767,10 @@ void CertDecoder::GetName(NameType nt)
}
word32 oidSz = GetLength(source_);
if (source_.IsLeft(oidSz) == false) return;
byte joint[2];
if (source_.IsLeft(sizeof(joint)) == false) return;
memcpy(joint, source_.get_current(), sizeof(joint));
// v1 name types
......@@ -763,6 +780,8 @@ void CertDecoder::GetName(NameType nt)
b = source_.next(); // strType
word32 strLen = GetLength(source_);
if (source_.IsLeft(strLen) == false) return;
switch (id) {
case COMMON_NAME:
if (!(ptr = AddTag(ptr, buf_end, "/CN=", 4, strLen)))
......@@ -804,6 +823,7 @@ void CertDecoder::GetName(NameType nt)
source_.advance(oidSz + 1);
word32 length = GetLength(source_);
if (source_.IsLeft(length) == false) return;
if (email) {
if (!(ptr = AddTag(ptr, buf_end, "/emailAddress=", 14, length))) {
......@@ -837,6 +857,8 @@ void CertDecoder::GetDate(DateType dt)
}
word32 length = GetLength(source_);
if (source_.IsLeft(length) == false) return;
byte date[MAX_DATE_SZ];
if (length > MAX_DATE_SZ || length < MIN_DATE_SZ) {
source_.SetError(DATE_SZ_E);
......
/*
Copyright (c) 2005, 2010, Oracle and/or its affiliates. All rights reserved.
Copyright (c) 2005, 2012, Oracle and/or its affiliates. All rights reserved.
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
......@@ -2587,11 +2587,14 @@ void Integer::Decode(Source& source)
}
word32 length = GetLength(source);
if (length == 0 || source.GetError().What()) return;
if ( (b = source.next()) == 0x00)
length--;
else
source.prev();
if (source.IsLeft(length) == false) return;
unsigned int words = (length + WORD_SIZE - 1) / WORD_SIZE;
words = RoundupSize(words);
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment