ASN.1 strings may not be NUL terminated. Don't assume they are.
CVE-2021-3712
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: David Benjamin <davidben@google.com>
if (!TEST_ptr(statusString =
sk_ASN1_UTF8STRING_value(ossl_cmp_pkisi_get0_statusString(si),
0))
- || !TEST_str_eq(fixture->text, (char *)statusString->data))
+ || !TEST_mem_eq(fixture->text, strlen(fixture->text),
+ (char *)statusString->data, statusString->length))
goto end;
if (!TEST_int_eq(fixture->pkifailure,
break;
case V_ASN1_UTF8STRING:
- if (!TEST_str_eq(txt, (char *)av->value.utf8string->data))
+ if (!TEST_mem_eq(txt, strlen(txt), (char *)av->value.utf8string->data,
+ av->value.utf8string->length))
goto err;
break;
case V_ASN1_OCTET_STRING:
- if (!TEST_str_eq(txt, (char *)av->value.octet_string->data))
+ if (!TEST_mem_eq(txt, strlen(txt),
+ (char *)av->value.octet_string->data,
+ av->value.octet_string->length))
goto err;
break;
/* if t is not NULL but expected_string is NULL, it is an 'OK' case too */
if (t != NULL && x509_format_tests[idx].expected_string) {
- if (!TEST_str_eq((const char *)t->data,
- x509_format_tests[idx].expected_string)) {
- TEST_info("test_x509_time(%d) failed: expected_string %s, got %s\n",
- idx, x509_format_tests[idx].expected_string, t->data);
+ if (!TEST_mem_eq((const char *)t->data, t->length,
+ x509_format_tests[idx].expected_string,
+ strlen(x509_format_tests[idx].expected_string))) {
+ TEST_info("test_x509_time(%d) failed: expected_string %s, got %.*s\n",
+ idx, x509_format_tests[idx].expected_string, t->length,
+ t->data);
goto out;
}
}