mirror/openssl
2
0
Fork 0
mirror of https://github.com/openssl/openssl.git synced 2025-01-18 13:44:20 +08:00
Code Issues Packages Projects Releases Wiki Activity

Fix append_ia5 function to not assume NUL terminated strings

Browse Source 
ASN.1 strings may not be NUL terminated. Don't assume they are.

CVE-2021-3712

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: David Benjamin <davidben@google.com>
This commit is contained in:
Matt Caswell 2021-08-18 17:58:23 +01:00
parent 1f365708a3
commit 98624776c4
1 changed files with 12 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
crypto/x509/v3_utl.c
View File

@ -529,17 +529,25 @@ static int append_ia5(STACK_OF(OPENSSL_STRING) **sk,
/* First some sanity checks */
if (email->type != V_ASN1_IA5STRING)
return 1;
if (!email->data || !email->length)
if (email->data == NULL || email->length == 0)
return 1;
if (memchr(email->data, 0, email->length) != NULL)
return 1;
if (*sk == NULL)
*sk = sk_OPENSSL_STRING_new(sk_strcmp);
if (*sk == NULL)
return 0;
emtmp = OPENSSL_strndup((char *)email->data, email->length);
if (emtmp == NULL)
return 0;
/* Don't add duplicates */
if (sk_OPENSSL_STRING_find(*sk, (char *)email->data) != -1)
if (sk_OPENSSL_STRING_find(*sk, emtmp) != -1) {
OPENSSL_free(emtmp);
return 1;
emtmp = OPENSSL_strdup((char *)email->data);
if (emtmp == NULL || !sk_OPENSSL_STRING_push(*sk, emtmp)) {
}
if (!sk_OPENSSL_STRING_push(*sk, emtmp)) {
OPENSSL_free(emtmp); /* free on push failure */
X509_email_free(*sk);
*sk = NULL;