diff options
| author | Philip Guenther <guenther@cvs.openbsd.org> | 2014-08-08 04:53:44 +0000 |
|---|---|---|
| committer | Philip Guenther <guenther@cvs.openbsd.org> | 2014-08-08 04:53:44 +0000 |
| commit | f461025ca2d54788438130a57559afca8ce6b761 (patch) | |
| tree | 3091e1646a6d040376348536f790868486cb28e4 /lib/libcrypto/objects | |
| parent | 2d70041a7700bfdad83c942336b8bd9e48546c2c (diff) | |
Fix CVE-2014-3508, pretty printing and OID validation:
- make sure the output buffer is always NUL terminated if buf_len
was initially greater than zero.
- reject OIDs that are too long, too short, or not in proper base-127
Based on
https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=0042fb5fd1c9d257d713b15a1f45da05cf5c1c87
ok bcook@
Diffstat (limited to 'lib/libcrypto/objects')
| -rw-r--r-- | lib/libcrypto/objects/obj_dat.c | 9 |
1 files changed, 7 insertions, 2 deletions
diff --git a/lib/libcrypto/objects/obj_dat.c b/lib/libcrypto/objects/obj_dat.c index 071febba524..15c298e3330 100644 --- a/lib/libcrypto/objects/obj_dat.c +++ b/lib/libcrypto/objects/obj_dat.c @@ -1,4 +1,4 @@ -/* $OpenBSD: obj_dat.c,v 1.30 2014/07/11 08:44:49 jsing Exp $ */ +/* $OpenBSD: obj_dat.c,v 1.31 2014/08/08 04:53:43 guenther Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -495,6 +495,10 @@ OBJ_obj2txt(char *buf, int buf_len, const ASN1_OBJECT *a, int no_name) unsigned long l; const unsigned char *p; + /* Ensure that, at every state, |buf| is NUL-terminated. */ + if (buf_len > 0) + buf[0] = '\0'; + if ((a == NULL) || (a->data == NULL)) goto err; @@ -554,8 +558,9 @@ OBJ_obj2txt(char *buf, int buf_len, const ASN1_OBJECT *a, int no_name) i = (int)(l / 40); l -= (long)(i * 40); } - if (buf_len > 0) { + if (buf_len > 1) { *buf++ = i + '0'; + *buf = '\0'; buf_len--; } ret++; |