mirror/openssl
2
0
Fork 0
mirror of https://github.com/openssl/openssl.git synced 2025-02-23 14:42:15 +08:00
Code Issues Packages Projects Releases Wiki Activity

Fix GENERAL_NAME_print to not assume NUL terminated strings

Browse Source 
ASN.1 strings may not be NUL terminated. Don't assume they are.

CVE-2021-3712

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: David Benjamin <davidben@google.com>
This commit is contained in:
Matt Caswell 2021-08-18 12:34:55 +01:00
parent 1747d4658b
commit b2b3b9c993
1 changed files with 10 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
crypto/x509/v3_san.c
View File

@ -223,23 +223,28 @@ int GENERAL_NAME_print(BIO *out, GENERAL_NAME *gen)
switch (nid) {
case NID_id_on_SmtpUTF8Mailbox:
BIO_printf(out, "othername:SmtpUTF8Mailbox:%s",
BIO_printf(out, "othername:SmtpUTF8Mailbox:%.*s",
gen->d.otherName->value->value.utf8string->length,
gen->d.otherName->value->value.utf8string->data);
break;
case NID_XmppAddr:
BIO_printf(out, "othername:XmppAddr:%s",
BIO_printf(out, "othername:XmppAddr:%.*s",
gen->d.otherName->value->value.utf8string->length,
gen->d.otherName->value->value.utf8string->data);
break;
case NID_SRVName:
BIO_printf(out, "othername:SRVName:%s",
BIO_printf(out, "othername:SRVName:%.*s",
gen->d.otherName->value->value.ia5string->length,
gen->d.otherName->value->value.ia5string->data);
break;
case NID_ms_upn:
BIO_printf(out, "othername:UPN:%s",
BIO_printf(out, "othername:UPN:%.*s",
gen->d.otherName->value->value.utf8string->length,
gen->d.otherName->value->value.utf8string->data);
break;
case NID_NAIRealm:
BIO_printf(out, "othername:NAIRealm:%s",
BIO_printf(out, "othername:NAIRealm:%.*s",
gen->d.otherName->value->value.utf8string->length,
gen->d.otherName->value->value.utf8string->data);
break;
default: