summaryrefslogtreecommitdiff
path: root/src/lib/libssl/s3_lib.c
diff options
context:
space:
mode:
authorjsing <>2017-09-25 18:02:27 +0000
committerjsing <>2017-09-25 18:02:27 +0000
commit7639841ec4865f7b5291dd45001f1dfaf669e342 (patch)
tree42d6703c344d9eccc786a01354471588f9f39675 /src/lib/libssl/s3_lib.c
parent07931285f5ddfc85a89b75c784c029c72187c885 (diff)
downloadopenbsd-7639841ec4865f7b5291dd45001f1dfaf669e342.tar.gz
openbsd-7639841ec4865f7b5291dd45001f1dfaf669e342.tar.bz2
openbsd-7639841ec4865f7b5291dd45001f1dfaf669e342.zip
Fix various issues in the OCSP extension parsing code:
- When parsing the OCSP extension we can have multiple responder IDs - pull these out correctly. - Stop using CBS_stow() - it's unnecessary since we just need access to the data and length (which we can get via CBS_data() and CBS_len()). - Use a temporary pointer when calling d2i_*() functions, since it will increment the pointer by the number of bytes it consumed when decoding. The original code incorrectly passes the pointer allocated via CBS_stow() (using malloc()) to a d2i_*() function and then calls free() on the now incremented pointer, most likely resulting in a crash. This issue was reported by Robert Swiecki who found the issue using honggfuzz. ok beck@
Diffstat (limited to 'src/lib/libssl/s3_lib.c')
0 files changed, 0 insertions, 0 deletions