diff options
| author | tb <> | 2021-08-24 15:23:03 +0000 |
|---|---|---|
| committer | tb <> | 2021-08-24 15:23:03 +0000 |
| commit | 58d3d45e3a11b8ed8c549067865fb45b7caf7819 (patch) | |
| tree | c39cdb8b332be4446a8637c55f18a2a1f4c7ec18 /src/lib/libcrypto/x509/x509_cpols.c | |
| parent | 252cbe4493634e4a70789ca96794482ba219de91 (diff) | |
| download | openbsd-58d3d45e3a11b8ed8c549067865fb45b7caf7819.tar.gz openbsd-58d3d45e3a11b8ed8c549067865fb45b7caf7819.tar.bz2 openbsd-58d3d45e3a11b8ed8c549067865fb45b7caf7819.zip | |
Fix various read buffer overflow when printing ASN.1 strings (which are
not necessarily NUL terminated). Same as schwarze's fix in t_x509a.c r1.9.
From David Benjamin and Matt Caswell (part of the fixes in OpenSSL 1.1.1l)
ok inoguchi
Diffstat (limited to 'src/lib/libcrypto/x509/x509_cpols.c')
| -rw-r--r-- | src/lib/libcrypto/x509/x509_cpols.c | 13 |
1 files changed, 7 insertions, 6 deletions
diff --git a/src/lib/libcrypto/x509/x509_cpols.c b/src/lib/libcrypto/x509/x509_cpols.c index 4b6c13cfbe..2ace607b23 100644 --- a/src/lib/libcrypto/x509/x509_cpols.c +++ b/src/lib/libcrypto/x509/x509_cpols.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: x509_cpols.c,v 1.1 2020/06/04 15:19:31 jsing Exp $ */ | 1 | /* $OpenBSD: x509_cpols.c,v 1.2 2021/08/24 15:23:03 tb Exp $ */ |
| 2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL | 2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL |
| 3 | * project 1999. | 3 | * project 1999. |
| 4 | */ | 4 | */ |
| @@ -696,7 +696,8 @@ print_qualifiers(BIO *out, STACK_OF(POLICYQUALINFO) *quals, int indent) | |||
| 696 | qualinfo = sk_POLICYQUALINFO_value(quals, i); | 696 | qualinfo = sk_POLICYQUALINFO_value(quals, i); |
| 697 | switch (OBJ_obj2nid(qualinfo->pqualid)) { | 697 | switch (OBJ_obj2nid(qualinfo->pqualid)) { |
| 698 | case NID_id_qt_cps: | 698 | case NID_id_qt_cps: |
| 699 | BIO_printf(out, "%*sCPS: %s\n", indent, "", | 699 | BIO_printf(out, "%*sCPS: %.*s\n", indent, "", |
| 700 | qualinfo->d.cpsuri->length, | ||
| 700 | qualinfo->d.cpsuri->data); | 701 | qualinfo->d.cpsuri->data); |
| 701 | break; | 702 | break; |
| 702 | 703 | ||
| @@ -724,8 +725,8 @@ print_notice(BIO *out, USERNOTICE *notice, int indent) | |||
| 724 | if (notice->noticeref) { | 725 | if (notice->noticeref) { |
| 725 | NOTICEREF *ref; | 726 | NOTICEREF *ref; |
| 726 | ref = notice->noticeref; | 727 | ref = notice->noticeref; |
| 727 | BIO_printf(out, "%*sOrganization: %s\n", indent, "", | 728 | BIO_printf(out, "%*sOrganization: %.*s\n", indent, "", |
| 728 | ref->organization->data); | 729 | ref->organization->length, ref->organization->data); |
| 729 | BIO_printf(out, "%*sNumber%s: ", indent, "", | 730 | BIO_printf(out, "%*sNumber%s: ", indent, "", |
| 730 | sk_ASN1_INTEGER_num(ref->noticenos) > 1 ? "s" : ""); | 731 | sk_ASN1_INTEGER_num(ref->noticenos) > 1 ? "s" : ""); |
| 731 | for (i = 0; i < sk_ASN1_INTEGER_num(ref->noticenos); i++) { | 732 | for (i = 0; i < sk_ASN1_INTEGER_num(ref->noticenos); i++) { |
| @@ -741,8 +742,8 @@ print_notice(BIO *out, USERNOTICE *notice, int indent) | |||
| 741 | BIO_puts(out, "\n"); | 742 | BIO_puts(out, "\n"); |
| 742 | } | 743 | } |
| 743 | if (notice->exptext) | 744 | if (notice->exptext) |
| 744 | BIO_printf(out, "%*sExplicit Text: %s\n", indent, "", | 745 | BIO_printf(out, "%*sExplicit Text: %.*s\n", indent, "", |
| 745 | notice->exptext->data); | 746 | notice->exptext->length, notice->exptext->data); |
| 746 | } | 747 | } |
| 747 | 748 | ||
| 748 | void | 749 | void |