Change X509_NAME_get_index_by[NID|OBJ] to be safer. - openbsd - A mirror of https://github.com/libressl/openbsd.git

diff options

author	beck <>	2023-05-02 14:13:05 +0000
committer	beck <>	2023-05-02 14:13:05 +0000
commit	bcec9e3700677dff4d40f3813e166d89598a6329 (patch)
tree	9b7516cbe9c5101c44087b7ca6a0b2d7374ebb84 /src/lib/libc
parent	b51ca2264f3c87ae6c0f6bd726ff14aae7906760 (diff)
download	openbsd-bcec9e3700677dff4d40f3813e166d89598a6329.tar.gz openbsd-bcec9e3700677dff4d40f3813e166d89598a6329.tar.bz2 openbsd-bcec9e3700677dff4d40f3813e166d89598a6329.zip

Change X509_NAME_get_index_by[NID|OBJ] to be safer.

Currently these functions return raw ASN1_STRING bytes as a C string and ignore the encoding in a "hold my beer I am a toolkit not a functioning API surely it's just for testing and you'd never send nasty bytes" kind of way. Sadly some callers seem to use them to fetch things liks subject name components for comparisons, and often just use the result as a C string. Instead, encode the resulting bytes as UTF-8 so it is something like "text", Add a failure case if the length provided is inadequate or if the resulting text would contain an nul byte. based on boringssl. nits by dlg@ ok tb@

Diffstat (limited to 'src/lib/libc')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: