diff options
| author | beck <> | 2020-09-18 08:28:45 +0000 |
|---|---|---|
| committer | beck <> | 2020-09-18 08:28:45 +0000 |
| commit | 5ab1a4db10bf4cb7507852b60baf6f13caca0187 (patch) | |
| tree | 993fd81b42d6123a6ef8e9038098ad5627467532 /src/lib | |
| parent | c994273701191e583d96a1829697ca3e3a1706dc (diff) | |
| download | openbsd-5ab1a4db10bf4cb7507852b60baf6f13caca0187.tar.gz openbsd-5ab1a4db10bf4cb7507852b60baf6f13caca0187.tar.bz2 openbsd-5ab1a4db10bf4cb7507852b60baf6f13caca0187.zip | |
Fix potential overflow in CN subject line parsing, thanks to
ASN1_STRING - the gift that keeps on giving.
Found by Guido Vranken's cryptofuzzer.
ok tb@
Diffstat (limited to 'src/lib')
| -rw-r--r-- | src/lib/libcrypto/x509/x509_constraints.c | 9 |
1 files changed, 5 insertions, 4 deletions
diff --git a/src/lib/libcrypto/x509/x509_constraints.c b/src/lib/libcrypto/x509/x509_constraints.c index d89ffd650d..ecb9de0d95 100644 --- a/src/lib/libcrypto/x509/x509_constraints.c +++ b/src/lib/libcrypto/x509/x509_constraints.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: x509_constraints.c,v 1.3 2020/09/14 09:43:33 beck Exp $ */ | 1 | /* $OpenBSD: x509_constraints.c,v 1.4 2020/09/18 08:28:45 beck Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2020 Bob Beck <beck@openbsd.org> | 3 | * Copyright (c) 2020 Bob Beck <beck@openbsd.org> |
| 4 | * | 4 | * |
| @@ -808,7 +808,7 @@ x509_constraints_extract_names(struct x509_constraints_names *names, | |||
| 808 | goto err; | 808 | goto err; |
| 809 | } | 809 | } |
| 810 | if (!x509_constraints_parse_mailbox(aname->data, | 810 | if (!x509_constraints_parse_mailbox(aname->data, |
| 811 | strlen(aname->data), vname)) { | 811 | aname->length, vname)) { |
| 812 | *error = X509_V_ERR_UNSUPPORTED_NAME_SYNTAX; | 812 | *error = X509_V_ERR_UNSUPPORTED_NAME_SYNTAX; |
| 813 | goto err; | 813 | goto err; |
| 814 | } | 814 | } |
| @@ -833,13 +833,14 @@ x509_constraints_extract_names(struct x509_constraints_names *names, | |||
| 833 | goto err; | 833 | goto err; |
| 834 | } | 834 | } |
| 835 | if (!x509_constraints_valid_host(aname->data, | 835 | if (!x509_constraints_valid_host(aname->data, |
| 836 | strlen(aname->data))) | 836 | aname->length)) |
| 837 | continue; /* ignore it if not a hostname */ | 837 | continue; /* ignore it if not a hostname */ |
| 838 | if ((vname = x509_constraints_name_new()) == NULL) { | 838 | if ((vname = x509_constraints_name_new()) == NULL) { |
| 839 | *error = X509_V_ERR_OUT_OF_MEM; | 839 | *error = X509_V_ERR_OUT_OF_MEM; |
| 840 | goto err; | 840 | goto err; |
| 841 | } | 841 | } |
| 842 | if ((vname->name = strdup(aname->data)) == NULL) { | 842 | if ((vname->name = strndup(aname->data, |
| 843 | aname->length)) == NULL) { | ||
| 843 | *error = X509_V_ERR_OUT_OF_MEM; | 844 | *error = X509_V_ERR_OUT_OF_MEM; |
| 844 | goto err; | 845 | goto err; |
| 845 | } | 846 | } |