Bug#511509: tqsllib: Improper checking of the return value of EVP_VerifyFinal()

To: submit@bugs.debian.org
Subject: Bug#511509: tqsllib: Improper checking of the return value of EVP_VerifyFinal()
From: Kurt Roeckx <kurt@roeckx.be>
Date: Sun, 11 Jan 2009 19:56:14 +0100
Message-id: <[🔎] 20090111185614.GA18877@roeckx.be>
Reply-to: Kurt Roeckx <kurt@roeckx.be>, 511509@bugs.debian.org

Package: tqsllib
Severity: serious
Tags: security

Hi,

I've been checking packages to see if they properly check the return
value of some of the functions in openssl.  In openssl_cert.cpp
there is this piece of code:
        if (!EVP_VerifyFinal(&ctx, sig, slen, TQSL_API_TO_CERT(cert)->key)) {
                tQSL_Error = TQSL_OPENSSL_ERROR;
                return 1;
        }

But EVP_VerifyFinal can return -1 on errors too.  A good way to check
the value would be something like:
        if (EVP_VerifyFinal(&ctx, sig, slen, TQSL_API_TO_CERT(cert)->key) <= 0) {

I have no idea if this code is being used and what the consequences
of this might be.


Kurt

Reply to:

Follow-Ups:
- Bug#511509: marked as done (tqsllib: Improper checking of the return value of EVP_VerifyFinal())
  - From: owner@bugs.debian.org (Debian Bug Tracking System)

Prev by Date: Bug#510947: ax25-apps: Uses absolute path to call update-alternatives
Next by Date: ssbd 0.10-10 MIGRATED to testing
Previous by thread: Bug#510947: ax25-apps: Uses absolute path to call update-alternatives
Next by thread: Bug#511509: marked as done (tqsllib: Improper checking of the return value of EVP_VerifyFinal())
Index(es):
- Date
- Thread