Bug#13904906: YASSL PRE-AUTH CRASH WITH 5.1.62, 5.5.22

Problem: Valgrind reports errors when an invalid certificate is used on the
         client.

Solution: Updated yaSSL to version 2.2.2.

cmake/ssl.cmake

@@ -25,7 +25,7 @@ MACRO (MYSQL_USE_BUNDLED_SSL)
   SET(SSL_LIBRARIES  yassl taocrypt)
   SET(SSL_INCLUDE_DIRS ${INC_DIRS})
   SET(SSL_INTERNAL_INCLUDE_DIRS ${CMAKE_SOURCE_DIR}/extra/yassl/taocrypt/mySTL)
-  SET(SSL_DEFINES "-DHAVE_YASSL -DYASSL_PURE_C -DYASSL_PREFIX -DHAVE_OPENSSL -DYASSL_THREAD_SAFE")
+  SET(SSL_DEFINES "-DHAVE_YASSL -DYASSL_PURE_C -DYASSL_PREFIX -DHAVE_OPENSSL -DMULTI_THREADED")
   CHANGE_SSL_SETTINGS("bundled")
   #Remove -fno-implicit-templates 
   #(yassl sources cannot  be compiled with  it)

extra/yassl/README

@@ -12,7 +12,16 @@ before calling SSL_new();
 
 *** end Note ***
 
-yaSSL Release notes, version 2.1.2 (9/2/2011)
+yaSSL Release notes, version 2.2.2 (7/5/2012)
+
+    This release of yaSSL contains bug fixes and more security checks around
+    malicious certificates.
+
+See normal  build instructions below under 1.0.6.
+See libcurl build instructions below under 1.3.0 and note in 1.5.8.
+
+
+*****************yaSSL Release notes, version 2.1.2 (9/2/2011)
 
     This release of yaSSL contains bug fixes, better non-blocking support with
     SSL_write, and OpenSSL RSA public key format support.

extra/yassl/include/lock.hpp

@@ -27,7 +27,7 @@
   Visual Studio Source Annotations header (sourceannotations.h) fails
   to compile if outside of the global namespace.
 */
-#ifdef YASSL_THREAD_SAFE
+#ifdef MULTI_THREADED
 #ifdef _WIN32
 #include <windows.h>
 #endif
@@ -36,8 +36,9 @@
 namespace yaSSL {
 
 
-#ifdef YASSL_THREAD_SAFE
+#ifdef MULTI_THREADED
     #ifdef _WIN32
+        #include <windows.h>
 
         class Mutex {
             CRITICAL_SECTION cs_;
@@ -77,7 +78,7 @@ namespace yaSSL {
         };
 
     #endif // _WIN32
-#else  // YASSL_THREAD_SAFE (WE'RE SINGLE)
+#else  // MULTI_THREADED (WE'RE SINGLE)
 
     class Mutex {
     public:
@@ -87,7 +88,7 @@ namespace yaSSL {
         };
     };
 
-#endif // YASSL_THREAD_SAFE
+#endif // MULTI_THREADED
 
 
 

extra/yassl/include/openssl/ssl.h

@@ -35,7 +35,7 @@
 #include "rsa.h"
 
 
-#define YASSL_VERSION "2.2.0"
+#define YASSL_VERSION "2.2.2"
 
 
 #if defined(__cplusplus)

extra/yassl/include/yassl_error.hpp

@@ -65,7 +65,7 @@ enum YasslError {
 enum Library { yaSSL_Lib = 0, CryptoLib, SocketLib };
 enum { MAX_ERROR_SZ = 80 };
 
-void SetErrorString(unsigned long, char*);
+void SetErrorString(YasslError, char*);
 
 /* remove for now, if go back to exceptions use this wrapper
 // Base class for all yaSSL exceptions

extra/yassl/src/cert_wrapper.cpp

@@ -250,8 +250,7 @@ int CertManager::Validate()
         TaoCrypt::Source source((*last)->get_buffer(), (*last)->get_length());
         TaoCrypt::CertDecoder cert(source, true, &signers_, verifyNone_);
 
-        int err = cert.GetError().What();
-        if ( err )
+        if (int err = cert.GetError().What())
             return err;
 
         const TaoCrypt::PublicKey& key = cert.GetPublicKey();

extra/yassl/src/lock.cpp

@@ -26,7 +26,7 @@
 namespace yaSSL {
 
 
-#ifdef YASSL_THREAD_SAFE
+#ifdef MULTI_THREADED
     #ifdef _WIN32
         
         Mutex::Mutex()
@@ -79,7 +79,7 @@ namespace yaSSL {
          
 
     #endif // _WIN32
-#endif // YASSL_THREAD_SAFE
+#endif // MULTI_THREADED
 
 
 

extra/yassl/src/ssl.cpp

@@ -27,7 +27,6 @@
 
 
 
-
 /*  see man pages for function descriptions */
 
 #include "runtime.hpp"
@@ -1014,7 +1013,7 @@ char* ERR_error_string(unsigned long errNumber, char* buffer)
   static char* msg = (char*)"Please supply a buffer for error string";
 
     if (buffer) {
-        SetErrorString(errNumber, buffer);
+        SetErrorString(YasslError(errNumber), buffer);
         return buffer;
     }
 

extra/yassl/src/yassl_error.cpp

@@ -31,11 +31,6 @@
     #pragma warning(disable: 4996)
 #endif
 
-#ifdef _MSC_VER
-    // 4996 warning to use MS extensions e.g., strcpy_s instead of strncpy
-    #pragma warning(disable: 4996)
-#endif
-
 namespace yaSSL {
 
 
@@ -60,7 +55,7 @@ Library Error::get_lib() const
 */
 
 
-void SetErrorString(unsigned long error, char* buffer)
+void SetErrorString(YasslError error, char* buffer)
 {
     using namespace TaoCrypt;
     const int max = MAX_ERROR_SZ;  // shorthand

extra/yassl/taocrypt/include/aes.hpp

@@ -92,7 +92,6 @@ typedef BlockCipher<ENCRYPTION, AES, CBC> AES_CBC_Encryption;
 typedef BlockCipher<DECRYPTION, AES, CBC> AES_CBC_Decryption;
 
 
-
 } // naemspace
 
 #endif // TAO_CRYPT_AES_HPP

extra/yassl/taocrypt/include/pwdbased.hpp

@@ -48,9 +48,11 @@ word32 PBKDF2_HMAC<T>::DeriveKey(byte* derived, word32 dLen, const byte* pwd,
                                  word32 pLen, const byte* salt, word32 sLen,
                                  word32 iterations) const
 {
-	if (dLen > MaxDerivedKeyLength())
+    if (dLen > MaxDerivedKeyLength())
         return 0;
 
+    if (iterations < 0)
+        return 0;
 
     ByteBlock buffer(T::DIGEST_SIZE);
 	HMAC<T>   hmac;

extra/yassl/taocrypt/src/asn.cpp

@@ -154,6 +154,8 @@ word32 GetLength(Source& source)
     else
         length = b;
 
+    if (source.IsLeft(length) == false) return 0;
+
     return length;
 }
 
@@ -832,7 +834,7 @@ void CertDecoder::GetName(NameType nt)
             if (email) {
                 if (!(ptr = AddTag(ptr, buf_end, "/emailAddress=", 14, length))) {
                     source_.SetError(CONTENT_E);
-                    return; 
+                    return;
                 }
             }
 

extra/yassl/taocrypt/src/coding.cpp

@@ -103,6 +103,16 @@ void HexDecoder::Decode()
         byte b  = coded_.next() - 0x30;  // 0 starts at 0x30
         byte b2 = coded_.next() - 0x30;
 
+        // sanity checks
+        if (b >= sizeof(hexDecode)/sizeof(hexDecode[0])) {
+            coded_.SetError(PEM_E);
+            return;
+        }
+        if (b2 >= sizeof(hexDecode)/sizeof(hexDecode[0])) {
+            coded_.SetError(PEM_E);
+            return;
+        }
+
         b  = hexDecode[b];
         b2 = hexDecode[b2];
 
@@ -178,6 +188,7 @@ void Base64Decoder::Decode()
 {
     word32 bytes = coded_.size();
     word32 plainSz = bytes - ((bytes + (pemLineSz - 1)) / pemLineSz); 
+    const  byte maxIdx = (byte)sizeof(base64Decode) + 0x2B - 1;
     plainSz = ((plainSz * 3) / 4) + 3;
     decoded_.New(plainSz);
 
@@ -200,6 +211,16 @@ void Base64Decoder::Decode()
         if (e4 == pad)
             pad4 = true;
 
+        if (e1 < 0x2B || e2 < 0x2B || e3 < 0x2B || e4 < 0x2B) {
+            coded_.SetError(PEM_E);
+            return;
+        }
+
+        if (e1 > maxIdx || e2 > maxIdx || e3 > maxIdx || e4 > maxIdx) {
+            coded_.SetError(PEM_E);
+            return;
+        }
+
         e1 = base64Decode[e1 - 0x2B];
         e2 = base64Decode[e2 - 0x2B];
         e3 = (e3 == pad) ? 0 : base64Decode[e3 - 0x2B];

extra/yassl/taocrypt/taocrypt.dsw

@@ -3,6 +3,21 @@ Microsoft Developer Studio Workspace File, Format Version 6.00
 
 ###############################################################################
 
+Project: "benchmark"=.\benchmark\benchmark.dsp - Package Owner=<4>
+
+Package=<5>
+{{{
+}}}
+
+Package=<4>
+{{{
+    Begin Project Dependency
+    Project_Dep_Name taocrypt
+    End Project Dependency
+}}}
+
+###############################################################################
+
 Project: "taocrypt"=.\taocrypt.dsp - Package Owner=<4>
 
 Package=<5>
@@ -15,7 +30,7 @@ Package=<4>
 
 ###############################################################################
 
-Project: "test"=.\test.dsp - Package Owner=<4>
+Project: "test"=.\test\test.dsp - Package Owner=<4>
 
 Package=<5>
 {{{

extra/yassl/taocrypt/test/memory.cpp

@@ -31,7 +31,7 @@
 To use MemoryTracker merely add this file to your project
 No need to instantiate anything
 
-If your app is multi threaded define YASSL_THREAD_SAFE
+If your app is multi threaded define MULTI_THREADED
 
 *********************************************************************/
 

extra/yassl/taocrypt/test.dsp → extra/yassl/taocrypt/test/test.dsp

@@ -37,12 +37,12 @@ RSC=rc.exe
 # PROP BASE Target_Dir ""
 # PROP Use_MFC 0
 # PROP Use_Debug_Libraries 0
-# PROP Output_Dir "test\Release"
-# PROP Intermediate_Dir "test\Release"
+# PROP Output_Dir "Release"
+# PROP Intermediate_Dir "Release"
 # PROP Ignore_Export_Lib 0
 # PROP Target_Dir ""
 # ADD BASE CPP /nologo /W3 /GX /O2 /D "WIN32" /D "NDEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /c
-# ADD CPP /nologo /MT /W3 /O2 /I "include" /I "mySTL" /D "WIN32" /D "NDEBUG" /D "_CONSOLE" /D "_MBCS" /FR /YX /FD /c
+# ADD CPP /nologo /MD /W3 /O2 /I "../include" /I "../mySTL" /D "WIN32" /D "NDEBUG" /D "_CONSOLE" /D "_MBCS" /FR /YX /FD /c
 # ADD BASE RSC /l 0x409 /d "NDEBUG"
 # ADD RSC /l 0x409 /d "NDEBUG"
 BSC32=bscmake.exe
@@ -61,12 +61,12 @@ LINK32=link.exe
 # PROP BASE Target_Dir ""
 # PROP Use_MFC 0
 # PROP Use_Debug_Libraries 1
-# PROP Output_Dir "test\Debug"
-# PROP Intermediate_Dir "test\Debug"
+# PROP Output_Dir "Debug"
+# PROP Intermediate_Dir "Debug"
 # PROP Ignore_Export_Lib 0
 # PROP Target_Dir ""
 # ADD BASE CPP /nologo /W3 /Gm /GX /ZI /Od /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /GZ /c
-# ADD CPP /nologo /MTd /W3 /Gm /ZI /Od /I "include" /I "mySTL" /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" /FR /YX /FD /GZ /c
+# ADD CPP /nologo /MDd /W3 /Gm /ZI /Od /I "../include" /I "../mySTL" /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" /FR /YX /FD /GZ /c
 # ADD BASE RSC /l 0x409 /d "_DEBUG"
 # ADD RSC /l 0x409 /d "_DEBUG"
 BSC32=bscmake.exe
@@ -87,7 +87,7 @@ LINK32=link.exe
 # PROP Default_Filter "cpp;c;cxx;rc;def;r;odl;idl;hpj;bat"
 # Begin Source File
 
-SOURCE=.\test\test.cpp
+SOURCE=.\test.cpp
 # End Source File
 # End Group
 # Begin Group "Header Files"

extra/yassl/yassl.dsw

@@ -90,7 +90,7 @@ Package=<4>
 
 ###############################################################################
 
-Project: "test"=.\taocrypt\test.dsp - Package Owner=<4>
+Project: "test"=.\taocrypt\test\test.dsp - Package Owner=<4>
 
 Package=<5>
 {{{
@@ -113,9 +113,6 @@ Package=<5>
 
 Package=<4>
 {{{
-    Begin Project Dependency
-    Project_Dep_Name taocrypt
-    End Project Dependency
     Begin Project Dependency
     Project_Dep_Name yassl
     End Project Dependency