projects / openssl.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: bb4d2ed)
Fix NETSCAPE_SPKI_print function to not assume NUL terminated strings
authorMatt Caswell <matt@openssl.org>
Thu, 19 Aug 2021 11:23:38 +0000 (12:23 +0100)
committerMatt Caswell <matt@openssl.org>
Tue, 24 Aug 2021 12:18:55 +0000 (13:18 +0100)
ASN.1 strings may not be NUL terminated. Don't assume they are.

CVE-2021-3712

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
crypto/asn1/t_spki.c patch | blob | history

diff --git a/crypto/asn1/t_spki.c b/crypto/asn1/t_spki.c
index 51b56d0aa9f746bafbe3864c1a8c4cabf1ea98a0..64ee77eeecbafab4772aeebec4d85e60b5ab67df 100644 (file)
--- a/crypto/asn1/t_spki.c
+++ b/crypto/asn1/t_spki.c
@@ -38,7 +38,7 @@ int NETSCAPE_SPKI_print(BIO *out, NETSCAPE_SPKI *spki)
     }
     chal = spki->spkac->challenge;
     if (chal->length)
     }
     chal = spki->spkac->challenge;
     if (chal->length)
-        BIO_printf(out, "  Challenge String: %s\n", chal->data);
+        BIO_printf(out, "  Challenge String: %.*s\n", chal->length, chal->data);
     i = OBJ_obj2nid(spki->sig_algor.algorithm);
     BIO_printf(out, "  Signature Algorithm: %s",
                (i == NID_undef) ? "UNKNOWN" : OBJ_nid2ln(i));
     i = OBJ_obj2nid(spki->sig_algor.algorithm);
     BIO_printf(out, "  Signature Algorithm: %s",
                (i == NID_undef) ? "UNKNOWN" : OBJ_nid2ln(i));
Unnamed repository; edit this file 'description' to name the repository.