doc/share/security/patches/SA-09:08/openssl6.patch

Index: crypto/openssl/crypto/asn1/tasn_dec.c
===================================================================
--- crypto/openssl/crypto/asn1/tasn_dec.c	(revision 191353)
+++ crypto/openssl/crypto/asn1/tasn_dec.c	(working copy)
@@ -768,6 +768,18 @@
 		case V_ASN1_SET:
 		case V_ASN1_SEQUENCE:
 		default:
+		if (utype == V_ASN1_BMPSTRING && (len & 1))
+			{
+			ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE,
+					ASN1_R_BMPSTRING_IS_WRONG_LENGTH);
+			goto err;
+			}
+		if (utype == V_ASN1_UNIVERSALSTRING && (len & 3))
+			{
+			ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE,
+					ASN1_R_UNIVERSALSTRING_IS_WRONG_LENGTH);
+			goto err;
+			}
 		/* All based on ASN1_STRING and handled the same */
 		if(!*pval) {
 			stmp = ASN1_STRING_type_new(utype);
Index: crypto/openssl/crypto/asn1/asn1.h
===================================================================
--- crypto/openssl/crypto/asn1/asn1.h	(revision 191353)
+++ crypto/openssl/crypto/asn1/asn1.h	(working copy)
@@ -1030,6 +1030,7 @@
 #define ASN1_R_BAD_OBJECT_HEADER			 102
 #define ASN1_R_BAD_PASSWORD_READ			 103
 #define ASN1_R_BAD_TAG					 104
+#define ASN1_R_BMPSTRING_IS_WRONG_LENGTH		 210
 #define ASN1_R_BN_LIB					 105
 #define ASN1_R_BOOLEAN_IS_WRONG_LENGTH			 106
 #define ASN1_R_BUFFER_TOO_SMALL				 107
@@ -1088,6 +1089,7 @@
 #define ASN1_R_UNABLE_TO_DECODE_RSA_KEY			 157
 #define ASN1_R_UNABLE_TO_DECODE_RSA_PRIVATE_KEY		 158
 #define ASN1_R_UNEXPECTED_EOC				 159
+#define ASN1_R_UNIVERSALSTRING_IS_WRONG_LENGTH		 211
 #define ASN1_R_UNKNOWN_FORMAT				 160
 #define ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM		 161
 #define ASN1_R_UNKNOWN_OBJECT_TYPE			 162
Index: crypto/openssl/crypto/asn1/asn1_err.c
===================================================================
--- crypto/openssl/crypto/asn1/asn1_err.c	(revision 191353)
+++ crypto/openssl/crypto/asn1/asn1_err.c	(working copy)
@@ -153,6 +153,7 @@
 {ASN1_R_BAD_OBJECT_HEADER                ,"bad object header"},
 {ASN1_R_BAD_PASSWORD_READ                ,"bad password read"},
 {ASN1_R_BAD_TAG                          ,"bad tag"},
+{ASN1_R_BMPSTRING_IS_WRONG_LENGTH        ,"bmpstring is wrong length"},
 {ASN1_R_BN_LIB                           ,"bn lib"},
 {ASN1_R_BOOLEAN_IS_WRONG_LENGTH          ,"boolean is wrong length"},
 {ASN1_R_BUFFER_TOO_SMALL                 ,"buffer too small"},
@@ -211,6 +212,7 @@
 {ASN1_R_UNABLE_TO_DECODE_RSA_KEY         ,"unable to decode rsa key"},
 {ASN1_R_UNABLE_TO_DECODE_RSA_PRIVATE_KEY ,"unable to decode rsa private key"},
 {ASN1_R_UNEXPECTED_EOC                   ,"unexpected eoc"},
+{ASN1_R_UNIVERSALSTRING_IS_WRONG_LENGTH  ,"universalstring is wrong length"},
 {ASN1_R_UNKNOWN_FORMAT                   ,"unknown format"},
 {ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM ,"unknown message digest algorithm"},
 {ASN1_R_UNKNOWN_OBJECT_TYPE              ,"unknown object type"},