Skip to content

Fixed two UAFs and bumped versions for release #2390

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 1 commit into from
Apr 4, 2025
+53 −11
Merged

Fixed two UAFs and bumped versions for release #2390

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
9 changes: 8 additions & 1 deletion openssl-sys/CHANGELOG.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,12 @@

## [Unreleased]

## [v0.9.107] - 2025-04-04

### Added

* Support for building with AWS-LC.

## [v0.9.106] - 2025-02-15

### Added
Expand Down Expand Up @@ -636,7 +642,8 @@ Fixed builds against OpenSSL built with `no-cast`.
* Added `X509_verify` and `X509_REQ_verify`.
* Added `EVP_MD_type` and `EVP_GROUP_get_curve_name`.

[Unreleased]: https://github.com/sfackler/rust-openssl/compare/openssl-sys-v0.9.106..master
[Unreleased]: https://github.com/sfackler/rust-openssl/compare/openssl-sys-v0.9.107..master
[v0.9.107]: https://github.com/sfackler/rust-openssl/compare/openssl-sys-v0.9.106...openssl-sys-v0.9.107
[v0.9.106]: https://github.com/sfackler/rust-openssl/compare/openssl-sys-v0.9.105...openssl-sys-v0.9.106
[v0.9.105]: https://github.com/sfackler/rust-openssl/compare/openssl-sys-v0.9.104...openssl-sys-v0.9.105
[v0.9.104]: https://github.com/sfackler/rust-openssl/compare/openssl-sys-v0.9.103...openssl-sys-v0.9.104
Expand Down
2 changes: 1 addition & 1 deletion openssl-sys/Cargo.toml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
[package]
name = "openssl-sys"
version = "0.9.106"
version = "0.9.107"
authors = [
"Alex Crichton <[email protected]>",
"Steven Fackler <[email protected]>",
Expand Down
13 changes: 12 additions & 1 deletion openssl/CHANGELOG.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,16 @@

## [Unreleased]

## [v0.10.72] - 2025-04-04

### Fixed

* Fixed use-after-free in `Md::fetch` and `Cipher::fetch` when `properties` is `Some(...)`. In practice this use-after-free most likely resulted in OpenSSL treating the `properties` as `b""`.

### Added

* Support for building with AWS-LC.

## [v0.10.71] - 2025-02-15

### Added
Expand Down Expand Up @@ -959,7 +969,8 @@

Look at the [release tags] for information about older releases.

[Unreleased]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.71...master
[Unreleased]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.72...master
[v0.10.72]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.71...openssl-v0.10.72
[v0.10.71]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.70...openssl-v0.10.71
[v0.10.70]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.69...openssl-v0.10.70
[v0.10.69]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.68...openssl-v0.10.69
Expand Down
4 changes: 2 additions & 2 deletions openssl/Cargo.toml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
[package]
name = "openssl"
version = "0.10.71"
version = "0.10.72"
authors = ["Steven Fackler <[email protected]>"]
license = "Apache-2.0"
description = "OpenSSL bindings"
Expand Down Expand Up @@ -32,7 +32,7 @@ libc = "0.2"
once_cell = "1.5.2"

openssl-macros = { version = "0.1.1", path = "../openssl-macros" }
ffi = { package = "openssl-sys", version = "0.9.106", path = "../openssl-sys" }
ffi = { package = "openssl-sys", version = "0.9.107", path = "../openssl-sys" }

[dev-dependencies]
hex = "0.4"
14 changes: 13 additions & 1 deletion openssl/src/cipher.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -146,7 +146,7 @@ impl Cipher {
let ptr = cvt_p(ffi::EVP_CIPHER_fetch(
ctx.map_or(ptr::null_mut(), ForeignTypeRef::as_ptr),
algorithm.as_ptr(),
properties.map_or(ptr::null_mut(), |s| s.as_ptr()),
properties.as_ref().map_or(ptr::null_mut(), |s| s.as_ptr()),
))?;

Ok(Cipher::from_ptr(ptr))
Expand Down Expand Up @@ -595,3 +595,15 @@ impl CipherRef {
unsafe { EVP_CIPHER_block_size(self.as_ptr()) as usize }
}
}

#[cfg(test)]
mod test {
#[cfg(ossl300)]
use super::Cipher;

#[test]
#[cfg(ossl300)]
fn test_cipher_fetch_properties() {
assert!(Cipher::fetch(None, "AES-128-GCM", Some("provider=gibberish")).is_err());
}
}
8 changes: 4 additions & 4 deletions openssl/src/lib.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -60,19 +60,19 @@
//! override the automatic detection logic.
//!
//! * `OPENSSL_DIR` - If specified, the directory of an OpenSSL installation. The directory should contain `lib` and
//! `include` subdirectories containing the libraries and headers respectively.
//! `include` subdirectories containing the libraries and headers respectively.
//! * `OPENSSL_LIB_DIR` and `OPENSSL_INCLUDE_DIR` - If specified, the directories containing the OpenSSL libraries and
//! headers respectively. This can be used if the OpenSSL installation is split in a nonstandard directory layout.
//! headers respectively. This can be used if the OpenSSL installation is split in a nonstandard directory layout.
//! * `OPENSSL_STATIC` - If set, the crate will statically link to OpenSSL rather than dynamically link.
//! * `OPENSSL_LIBS` - If set, a `:`-separated list of library names to link to (e.g. `ssl:crypto`). This can be used
//! if nonstandard library names were used for whatever reason.
//! if nonstandard library names were used for whatever reason.
//! * `OPENSSL_NO_VENDOR` - If set, always find OpenSSL in the system, even if the `vendored` feature is enabled.
//!
//! If the `vendored` Cargo feature is enabled, the following environment variable can also be used to further configure
//! the OpenSSL build.
//!
//! * `OPENSSL_CONFIG_DIR` - If set, the copy of OpenSSL built by the `openssl-src` crate will be configured to look for
//! configuration files and root certificates in this directory.
//! configuration files and root certificates in this directory.
//!
//! Additionally, these variables can be prefixed with the upper-cased target architecture (e.g.
//! `X86_64_UNKNOWN_LINUX_GNU_OPENSSL_DIR`), which can be useful when cross compiling.
Expand Down
14 changes: 13 additions & 1 deletion openssl/src/md.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -109,7 +109,7 @@ impl Md {
let ptr = cvt_p(ffi::EVP_MD_fetch(
ctx.map_or(ptr::null_mut(), ForeignTypeRef::as_ptr),
algorithm.as_ptr(),
properties.map_or(ptr::null_mut(), |s| s.as_ptr()),
properties.as_ref().map_or(ptr::null_mut(), |s| s.as_ptr()),
))?;

Ok(Md::from_ptr(ptr))
Expand Down Expand Up @@ -233,3 +233,15 @@ impl MdRef {
unsafe { Nid::from_raw(ffi::EVP_MD_type(self.as_ptr())) }
}
}

#[cfg(test)]
mod test {
#[cfg(ossl300)]
use super::Md;

#[test]
#[cfg(ossl300)]
fn test_md_fetch_properties() {
assert!(Md::fetch(None, "SHA-256", Some("provider=gibberish")).is_err());
}
}