diff options
author | jsing <> | 2017-09-25 18:02:27 +0000 |
---|---|---|
committer | jsing <> | 2017-09-25 18:02:27 +0000 |
commit | 7639841ec4865f7b5291dd45001f1dfaf669e342 (patch) | |
tree | 42d6703c344d9eccc786a01354471588f9f39675 /src/lib/libssl/s3_lib.c | |
parent | 07931285f5ddfc85a89b75c784c029c72187c885 (diff) | |
download | openbsd-7639841ec4865f7b5291dd45001f1dfaf669e342.tar.gz openbsd-7639841ec4865f7b5291dd45001f1dfaf669e342.tar.bz2 openbsd-7639841ec4865f7b5291dd45001f1dfaf669e342.zip |
Fix various issues in the OCSP extension parsing code:
- When parsing the OCSP extension we can have multiple responder IDs - pull
these out correctly.
- Stop using CBS_stow() - it's unnecessary since we just need access to the
data and length (which we can get via CBS_data() and CBS_len()).
- Use a temporary pointer when calling d2i_*() functions, since it will
increment the pointer by the number of bytes it consumed when decoding.
The original code incorrectly passes the pointer allocated via CBS_stow()
(using malloc()) to a d2i_*() function and then calls free() on the now
incremented pointer, most likely resulting in a crash. This issue was
reported by Robert Swiecki who found the issue using honggfuzz.
ok beck@
Diffstat (limited to 'src/lib/libssl/s3_lib.c')
0 files changed, 0 insertions, 0 deletions