name constraints: be more careful with NULs

An IA5STRING is a Pascal string that can have embedded NULs and is not NUL terminated (except that for legacy reasons it happens to be). Instead of taking the strlen(), use the already known ASN.1 length and use strndup() instead of strdup() to generate NUL terminated strings after some existing code has checked that there are no embedded NULs. In v2i_GENERAL_NAME_ex() use %.*s to print the bytes. This is not optimal and might be switched to using strvis() later. ok beck inoguchi jsing
author: tb <> 2022-03-26 16:34:21 +0000
committer: tb <> 2022-03-26 16:34:21 +0000
commit: 62e5583bb1b862560432775b3c0765db00173fc6 (patch)
tree: b479f5e5efe3b6b03f82d771d623f8ae686fc6d0 /src/lib/libcrypto/x509/x509_alt.c
parent: 2ce3af26514a8bfe23e0605aa5b31dc0ab865be1 (diff)
download: openbsd-62e5583bb1b862560432775b3c0765db00173fc6.tar.gz
openbsd-62e5583bb1b862560432775b3c0765db00173fc6.tar.bz2
openbsd-62e5583bb1b862560432775b3c0765db00173fc6.zip
1 files changed, 7 insertions, 4 deletions
diff --git a/src/lib/libcrypto/x509/x509_alt.c b/src/lib/libcrypto/x509/x509_alt.c
index 845ab1364f..8656df82b3 100644
--- a/src/lib/libcrypto/x509/x509_alt.c
+++ b/src/lib/libcrypto/x509/x509_alt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_alt.c,v 1.11 2022/03/14 21:15:49 tb Exp $ */
+/* $OpenBSD: x509_alt.c,v 1.12 2022/03/26 16:34:21 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project.
 */
@@ -673,21 +673,24 @@ v2i_GENERAL_NAME_ex(GENERAL_NAME *out, const X509V3_EXT_METHOD *method,
        case GEN_DNS:
                if (!x509_constraints_valid_sandns(bytes, len)) {
                        X509V3error(X509V3_R_BAD_OBJECT);
-                        ERR_asprintf_error_data("name=%s value='%s'", name, bytes);
+                        ERR_asprintf_error_data("name=%s value='%.*s'", name,
+                            (int)len, bytes);
                        goto err;
                }
                break;
        case GEN_URI:
                if (!x509_constraints_uri_host(bytes, len, NULL)) {
                        X509V3error(X509V3_R_BAD_OBJECT);
-                        ERR_asprintf_error_data("name=%s value='%s'", name, bytes);
+                        ERR_asprintf_error_data("name=%s value='%.*s'", name,
+                            (int)len, bytes);
                        goto err;
                }
                break;
        case GEN_EMAIL:
                if (!x509_constraints_parse_mailbox(bytes, len, NULL)) {
                        X509V3error(X509V3_R_BAD_OBJECT);
-                        ERR_asprintf_error_data("name=%s value='%s'", name, bytes);
+                        ERR_asprintf_error_data("name=%s value='%.*s'", name,
+                            (int)len, bytes);
                        goto err;
                }
                break;
author	tb <>	2022-03-26 16:34:21 +0000
committer	tb <>	2022-03-26 16:34:21 +0000
commit	62e5583bb1b862560432775b3c0765db00173fc6 (patch)
tree	b479f5e5efe3b6b03f82d771d623f8ae686fc6d0 /src/lib/libcrypto/x509/x509_alt.c
parent	2ce3af26514a8bfe23e0605aa5b31dc0ab865be1 (diff)
download	openbsd-62e5583bb1b862560432775b3c0765db00173fc6.tar.gz openbsd-62e5583bb1b862560432775b3c0765db00173fc6.tar.bz2 openbsd-62e5583bb1b862560432775b3c0765db00173fc6.zip