projects / openssl.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: d2015a7) | patch
Fix CMP code to not assume NUL terminated strings
authorMatt Caswell <matt@openssl.org>
Wed, 18 Aug 2021 16:37:23 +0000 (17:37 +0100)
committerMatt Caswell <matt@openssl.org>
Tue, 24 Aug 2021 13:22:06 +0000 (14:22 +0100)
commit95f8c1e142df835d03b5b62521383a462fc5470d
treebf447a92c125f2e73e869510356b895fc094c52ctree | snapshot
parentd2015a783e64613d8e4a142fa05048d1863df944commit | diff
Fix CMP code to not assume NUL terminated strings

ASN.1 strings may not be NUL terminated. Don't assume they are.

CVE-2021-3712

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: David Benjamin <davidben@google.com>
crypto/cmp/cmp_hdr.c diff | blob | history
crypto/cmp/cmp_local.h diff | blob | history
crypto/cmp/cmp_msg.c diff | blob | history
crypto/cmp/cmp_status.c diff | blob | history
crypto/cmp/cmp_util.c diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.