diff options
| author | schwarze <> | 2021-08-29 19:56:40 +0000 |
|---|---|---|
| committer | schwarze <> | 2021-08-29 19:56:40 +0000 |
| commit | b107f33a109e9b33061c906a9df402295f24b822 (patch) | |
| tree | 6fa76fa674827a93fd943d279597176393df7a9c /src | |
| parent | c76670890900dadb631c27f0e0c40d5aa8cb03f5 (diff) | |
| download | openbsd-b107f33a109e9b33061c906a9df402295f24b822.tar.gz openbsd-b107f33a109e9b33061c906a9df402295f24b822.tar.bz2 openbsd-b107f33a109e9b33061c906a9df402295f24b822.zip | |
Do not call X509_alias_get0(3) with NULL as the second argument.
Even if the buffer is guaranteed to be NUL-terminated in a particular
case, it is still setting a bad example. Besides, it is unclear
to me whether there is any such guarantee in the case at hand.
Checking that would require auditing all of d2i_X509_bio(3),
ASN1_item_d2i_bio(&NETSCAPE_X509_it, ...), PEM_read_bio_X509_AUX(3),
and PKCS12_parse(3), since no such guarantee is documented for any
of these functions, and even then it would remain fragile with
respect to later changes of implementation details.
In the worst case, this could potentially result in a read buffer
overrun.
OK tb@ on an earlier version of this patch.
While we are here, deraadt@ requested to not use the word "string" in the
name of a variable that is not a string in the sense of the C language.
Diffstat (limited to 'src')
| -rw-r--r-- | src/usr.bin/openssl/x509.c | 12 |
1 files changed, 7 insertions, 5 deletions
diff --git a/src/usr.bin/openssl/x509.c b/src/usr.bin/openssl/x509.c index 9a2fdd9d16..3102be9ba3 100644 --- a/src/usr.bin/openssl/x509.c +++ b/src/usr.bin/openssl/x509.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: x509.c,v 1.23 2021/04/07 10:44:03 inoguchi Exp $ */ | 1 | /* $OpenBSD: x509.c,v 1.24 2021/08/29 19:56:40 schwarze Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -1016,10 +1016,12 @@ x509_main(int argc, char **argv) | |||
| 1016 | sk_OPENSSL_STRING_value(emlst, j)); | 1016 | sk_OPENSSL_STRING_value(emlst, j)); |
| 1017 | X509_email_free(emlst); | 1017 | X509_email_free(emlst); |
| 1018 | } else if (x509_config.aliasout == i) { | 1018 | } else if (x509_config.aliasout == i) { |
| 1019 | unsigned char *alstr; | 1019 | unsigned char *albuf; |
| 1020 | alstr = X509_alias_get0(x, NULL); | 1020 | int buflen; |
| 1021 | if (alstr != NULL) | 1021 | albuf = X509_alias_get0(x, &buflen); |
| 1022 | BIO_printf(STDout, "%s\n", alstr); | 1022 | if (albuf != NULL) |
| 1023 | BIO_printf(STDout, "%.*s\n", | ||
| 1024 | buflen, albuf); | ||
| 1023 | else | 1025 | else |
| 1024 | BIO_puts(STDout, "<No Alias>\n"); | 1026 | BIO_puts(STDout, "<No Alias>\n"); |
| 1025 | } else if (x509_config.subject_hash == i) { | 1027 | } else if (x509_config.subject_hash == i) { |