From 5bbf9675ceb2b128e37851abb32c2f121802ea0c Mon Sep 17 00:00:00 2001 From: metsw24-max Date: Tue, 24 Mar 2026 19:52:21 +0530 Subject: [PATCH 1/2] add length validation for Lock-Token to prevent underflow --- modules/ssl/ssl_engine_pphrase.c | 21 +++++++++++++-------- modules/ssl/ssl_util.c | 17 ++++++++++++++--- 2 files changed, 27 insertions(+), 11 deletions(-) diff --git a/modules/ssl/ssl_engine_pphrase.c b/modules/ssl/ssl_engine_pphrase.c index 773c4660eb8..6d7e7710af9 100644 --- a/modules/ssl/ssl_engine_pphrase.c +++ b/modules/ssl/ssl_engine_pphrase.c @@ -179,13 +179,13 @@ apr_status_t ssl_load_encrypted_pkey(server_rec *s, apr_pool_t *p, int idx, * are used to give a better idea as to what failed. */ if (pkey_mtime) { - ssl_asn1_t *asn1 = ssl_asn1_table_get(mc->retained->privkeys, key_id); - if (asn1 && (asn1->source_mtime == pkey_mtime)) { - ap_log_error(APLOG_MARK, APLOG_INFO, 0, s, APLOGNO(02575) - "Reusing existing private key from %s on restart", - ppcb_arg.pkey_file); - return APR_SUCCESS; - } + ssl_asn1_t *asn1 = ssl_asn1_table_get(mc->retained->privkeys, key_id); + if (asn1 && (asn1->source_mtime == pkey_mtime)) { + ap_log_error(APLOG_MARK, APLOG_INFO, 0, s, APLOGNO(02575) + "Reusing existing private key from %s on restart", + ppcb_arg.pkey_file); + return APR_SUCCESS; + } } ap_log_error(APLOG_MARK, APLOG_INFO, 0, s, APLOGNO(02576) @@ -338,6 +338,11 @@ apr_status_t ssl_load_encrypted_pkey(server_rec *s, apr_pool_t *p, int idx, /* Cache the private key in the global module configuration so it * can be used after subsequent reloads. */ asn1 = ssl_asn1_table_set(mc->retained->privkeys, key_id, pPrivateKey); + if (!asn1) { + ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s, + "mod_ssl: Failed to cache private key"); + return ssl_die(s); + } if (ppcb_arg.nPassPhraseDialogCur != 0) { /* remember mtime of encrypted keys */ 
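Review bot: The new `if (!asn1)` branch in ssl_load_encrypted_pkey returns through `ssl_die(s)` immediately after ssl_asn1_table_set(), so any cleanup the function performs further down for `pPrivateKey` (the decrypted key) is skipped on this path. The rest of the function is outside the hunk, so this needs checking against the full body; if the key is released later, release it here as well before returning. The added `ap_log_error` call also has no `APLOGNO()` tag, unlike the neighbouring calls that carry `APLOGNO(02575)` and `APLOGNO(02576)`. A number should be allocated for it, and the `mod_ssl:` prefix may be unnecessary if the error log already records the module name.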
@@ -1024,4 +1029,4 @@ apr_status_t modssl_load_engine_keypair(server_rec *s, vhostid, certid ? certid : "no cert", keyid); return APR_ENOTIMPL; #endif -} +} \ No newline at end of file diff --git a/modules/ssl/ssl_util.c b/modules/ssl/ssl_util.c index 12ffff511e2..5ee7346b41d 100644 --- a/modules/ssl/ssl_util.c +++ b/modules/ssl/ssl_util.c @@ -201,7 +201,14 @@ ssl_asn1_t *ssl_asn1_table_set(apr_hash_t *table, const char *key, { apr_ssize_t klen = strlen(key); ssl_asn1_t *asn1 = apr_hash_get(table, key, klen); - apr_size_t length = i2d_PrivateKey(pkey, NULL); + int derlen = i2d_PrivateKey(pkey, NULL); + if (derlen <= 0) { + ap_log_error(APLOG_MARK, APLOG_ERR, 0, ap_server_conf, + "mod_ssl: Failed to encode private key"); + return NULL; + } + + apr_size_t length = (apr_size_t)derlen; unsigned char *p; /* Re-use structure if cached previously. */ @@ -220,7 +227,11 @@ ssl_asn1_t *ssl_asn1_table_set(apr_hash_t *table, const char *key, asn1->nData = length; p = asn1->cpData; - i2d_PrivateKey(pkey, &p); /* increases p by length */ + if (i2d_PrivateKey(pkey, &p) != derlen) { + ap_log_error(APLOG_MARK, APLOG_ERR, 0, ap_server_conf, + "mod_ssl: Failed to serialize private key"); + return NULL; + } return asn1; } @@ -506,4 +517,4 @@ int modssl_is_engine_id(const char *name) #else return 0; #endif -} +} \ No newline at end of file From 3538c87958a9fd7fc53094a0dabcb08064f7361b Mon Sep 17 00:00:00 2001 From: metsw24-max Date: Wed, 25 Mar 2026 08:50:51 +0530 Subject: [PATCH 2/2] updated --- modules/ssl/ssl_engine_pphrase.c | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/modules/ssl/ssl_engine_pphrase.c b/modules/ssl/ssl_engine_pphrase.c index 6d7e7710af9..533978871a4 100644 --- a/modules/ssl/ssl_engine_pphrase.c +++ b/modules/ssl/ssl_engine_pphrase.c 
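Review bot: In ssl_asn1_table_set the added `if (derlen <= 0)` block now sits ahead of `apr_size_t length = (apr_size_t)derlen;` and `unsigned char *p;`, so both declarations follow a statement. Declare `apr_size_t length;` before the check and assign `length = (apr_size_t)derlen;` after it. The check itself is the right fix for a negative i2d_PrivateKey() result being widened into an `apr_size_t`. Both new `ap_log_error` calls in this file lack an `APLOGNO()` tag, and any caller other than the one patched in ssl_engine_pphrase.c (none are visible here) now has to handle a NULL return. The commit subject refers to a Lock-Token length check, which none of the visible hunks touch.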
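Review bot: When the second `i2d_PrivateKey(pkey, &p)` call fails, the function returns NULL after `asn1->nData = length;` has already been written, and `asn1->cpData` may hold a partial encoding. If the entry is already stored in `table` at that point (the insertion is outside this hunk), a later ssl_asn1_table_get() lookup, such as the restart reuse check in ssl_load_encrypted_pkey, could return that incomplete key data. Drop the entry before returning, for example `ssl_asn1_table_unset(table, key);` ahead of `return NULL;`. Alternatively, encode into a temporary buffer and publish it only after the length check passes.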
@@ -179,13 +179,13 @@ apr_status_t ssl_load_encrypted_pkey(server_rec *s, apr_pool_t *p, int idx, * are used to give a better idea as to what failed. */ if (pkey_mtime) { - ssl_asn1_t *asn1 = ssl_asn1_table_get(mc->retained->privkeys, key_id); - if (asn1 && (asn1->source_mtime == pkey_mtime)) { - ap_log_error(APLOG_MARK, APLOG_INFO, 0, s, APLOGNO(02575) - "Reusing existing private key from %s on restart", - ppcb_arg.pkey_file); - return APR_SUCCESS; - } + ssl_asn1_t *asn1 = ssl_asn1_table_get(mc->retained->privkeys, key_id); + if (asn1 && (asn1->source_mtime == pkey_mtime)) { + ap_log_error(APLOG_MARK, APLOG_INFO, 0, s, + "Reusing existing private key from %s on restart", + ppcb_arg.pkey_file); + return APR_SUCCESS; + } } ap_log_error(APLOG_MARK, APLOG_INFO, 0, s, APLOGNO(02576)
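Review bot: The rewritten `ap_log_error(APLOG_MARK, APLOG_INFO, 0, s,` line drops the `APLOGNO(02575)` tag that the removed line carried, while the next log call in the context still has `APLOGNO(02576)`. The commit message does not explain the removal, and it makes the `Reusing existing private key` message harder to match in log monitoring keyed on message numbers. Restore the original line, `ap_log_error(APLOG_MARK, APLOG_INFO, 0, s, APLOGNO(02575)`. The rest of this hunk appears to differ from the old side only in whitespace, so the re-indentation from the first patch is probably better reverted than patched again.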