mirror/openssl
2
0
Fork 0
mirror of https://github.com/openssl/openssl.git synced 2025-02-17 14:32:04 +08:00
Code Issues Packages Projects Releases Wiki Activity

Allocate ASN1_bn_print buffer internally.

Browse Source 
Don't require an application to work out the appropriate buffer size for
ASN1_bn_print(), which is unsafe. Ignore the supplied buffer and allocate
it internally instead.

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
This commit is contained in:
Dr. Stephen Henson 2016-02-04 18:53:07 +00:00
parent 907e950068
commit ac3e366501
1 changed files with 28 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

46
crypto/asn1/t_pkey.c
View File

@ -91,14 +91,16 @@ int ASN1_buf_print(BIO *bp, unsigned char *buf, size_t buflen, int indent)
}
int ASN1_bn_print(BIO *bp, const char *number, const BIGNUM *num,
unsigned char *buf, int indent)
unsigned char *ign, int indent)
{
int n;
int n, rv = 0;
const char *neg;
unsigned char *buf = NULL, *tmp = NULL;
int buflen;
if (num == NULL)
return 1;
neg = (BN_is_negative(num)) ? "-" : "";
neg = BN_is_negative(num) ? "-" : "";
if (!BIO_indent(bp, indent, ASN1_PRINT_MAX_INDENT))
return 0;
if (BN_is_zero(num)) {
@ -111,21 +113,29 @@ int ASN1_bn_print(BIO *bp, const char *number, const BIGNUM *num,
if (BIO_printf(bp, "%s %s%lu (%s0x%lx)\n", number, neg,
(unsigned long)bn_get_words(num)[0], neg,
(unsigned long)bn_get_words(num)[0]) <= 0)
return (0);
} else {
buf[0] = 0;
if (BIO_printf(bp, "%s%s\n", number,
(neg[0] == '-') ? " (Negative)" : "") <= 0)
return (0);
n = BN_bn2bin(num, &buf[1]);
if (buf[1] & 0x80)
n++;
else
buf++;
if (ASN1_buf_print(bp, buf, n, indent + 4) == 0)
return 0;
return 1;
}
return 1;
buflen = BN_num_bytes(num) + 1;
buf = tmp = OPENSSL_malloc(buflen);
if (buf == NULL)
goto err;
buf[0] = 0;
if (BIO_printf(bp, "%s%s\n", number,
(neg[0] == '-') ? " (Negative)" : "") <= 0)
goto err;
n = BN_bn2bin(num, buf + 1);
if (buf[1] & 0x80)
n++;
else
tmp++;
if (ASN1_buf_print(bp, tmp, n, indent + 4) == 0)
goto err;
rv = 1;
err:
OPENSSL_clear_free(buf, buflen);
return rv;
}