summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
authorbeck <>2020-09-18 08:28:45 +0000
committerbeck <>2020-09-18 08:28:45 +0000
commit35499e098212b0760dc798d74485a18ce7765dd3 (patch)
tree993fd81b42d6123a6ef8e9038098ad5627467532 /src
parent181e322485985db2e19534d34ecc9005bd54c698 (diff)
downloadopenbsd-35499e098212b0760dc798d74485a18ce7765dd3.tar.gz
openbsd-35499e098212b0760dc798d74485a18ce7765dd3.tar.bz2
openbsd-35499e098212b0760dc798d74485a18ce7765dd3.zip
Fix potential overflow in CN subject line parsing, thanks to
ASN1_STRING - the gift that keeps on giving. Found by Guido Vranken's cryptofuzzer. ok tb@
Diffstat (limited to 'src')
-rw-r--r--src/lib/libcrypto/x509/x509_constraints.c9
1 files changed, 5 insertions, 4 deletions
diff --git a/src/lib/libcrypto/x509/x509_constraints.c b/src/lib/libcrypto/x509/x509_constraints.c
index d89ffd650d..ecb9de0d95 100644
--- a/src/lib/libcrypto/x509/x509_constraints.c
+++ b/src/lib/libcrypto/x509/x509_constraints.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: x509_constraints.c,v 1.3 2020/09/14 09:43:33 beck Exp $ */ 1/* $OpenBSD: x509_constraints.c,v 1.4 2020/09/18 08:28:45 beck Exp $ */
2/* 2/*
3 * Copyright (c) 2020 Bob Beck <beck@openbsd.org> 3 * Copyright (c) 2020 Bob Beck <beck@openbsd.org>
4 * 4 *
@@ -808,7 +808,7 @@ x509_constraints_extract_names(struct x509_constraints_names *names,
808 goto err; 808 goto err;
809 } 809 }
810 if (!x509_constraints_parse_mailbox(aname->data, 810 if (!x509_constraints_parse_mailbox(aname->data,
811 strlen(aname->data), vname)) { 811 aname->length, vname)) {
812 *error = X509_V_ERR_UNSUPPORTED_NAME_SYNTAX; 812 *error = X509_V_ERR_UNSUPPORTED_NAME_SYNTAX;
813 goto err; 813 goto err;
814 } 814 }
@@ -833,13 +833,14 @@ x509_constraints_extract_names(struct x509_constraints_names *names,
833 goto err; 833 goto err;
834 } 834 }
835 if (!x509_constraints_valid_host(aname->data, 835 if (!x509_constraints_valid_host(aname->data,
836 strlen(aname->data))) 836 aname->length))
837 continue; /* ignore it if not a hostname */ 837 continue; /* ignore it if not a hostname */
838 if ((vname = x509_constraints_name_new()) == NULL) { 838 if ((vname = x509_constraints_name_new()) == NULL) {
839 *error = X509_V_ERR_OUT_OF_MEM; 839 *error = X509_V_ERR_OUT_OF_MEM;
840 goto err; 840 goto err;
841 } 841 }
842 if ((vname->name = strdup(aname->data)) == NULL) { 842 if ((vname->name = strndup(aname->data,
843 aname->length)) == NULL) {
843 *error = X509_V_ERR_OUT_OF_MEM; 844 *error = X509_V_ERR_OUT_OF_MEM;
844 goto err; 845 goto err;
845 } 846 }
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-12-01 22:01:41 +0000