diff options
| author | schwarze <> | 2021-08-29 19:56:40 +0000 |
|---|---|---|
| committer | schwarze <> | 2021-08-29 19:56:40 +0000 |
| commit | b107f33a109e9b33061c906a9df402295f24b822 (patch) | |
| tree | 6fa76fa674827a93fd943d279597176393df7a9c /src/regress/usr.bin/openssl | |
| parent | c76670890900dadb631c27f0e0c40d5aa8cb03f5 (diff) | |
| download | openbsd-b107f33a109e9b33061c906a9df402295f24b822.tar.gz openbsd-b107f33a109e9b33061c906a9df402295f24b822.tar.bz2 openbsd-b107f33a109e9b33061c906a9df402295f24b822.zip | |
Do not call X509_alias_get0(3) with NULL as the second argument.
Even if the buffer is guaranteed to be NUL-terminated in a particular
case, it is still setting a bad example. Besides, it is unclear
to me whether there is any such guarantee in the case at hand.
Checking that would require auditing all of d2i_X509_bio(3),
ASN1_item_d2i_bio(&NETSCAPE_X509_it, ...), PEM_read_bio_X509_AUX(3),
and PKCS12_parse(3), since no such guarantee is documented for any
of these functions, and even then it would remain fragile with
respect to later changes of implementation details.
In the worst case, this could potentially result in a read buffer
overrun.
OK tb@ on an earlier version of this patch.
While we are here, deraadt@ requested to not use the word "string" in the
name of a variable that is not a string in the sense of the C language.
Diffstat (limited to 'src/regress/usr.bin/openssl')
0 files changed, 0 insertions, 0 deletions