]> git.ipfire.org Git - thirdparty/openssl.git/commitdiff
projects / thirdparty / openssl.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 1747d46)
Fix GENERAL_NAME_print to not assume NUL terminated strings
authorMatt Caswell <matt@openssl.org>
Wed, 18 Aug 2021 11:34:55 +0000 (12:34 +0100)
committerMatt Caswell <matt@openssl.org>
Tue, 24 Aug 2021 13:22:06 +0000 (14:22 +0100)
ASN.1 strings may not be NUL terminated. Don't assume they are.

CVE-2021-3712

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: David Benjamin <davidben@google.com>
crypto/x509/v3_san.c patch | blob | blame | history

diff --git a/crypto/x509/v3_san.c b/crypto/x509/v3_san.c
index 22cef0537076a916217d9611637d09289f95002b..26708aefae06db80bbd596daf8471548e17da47a 100644 (file)
--- a/crypto/x509/v3_san.c
+++ b/crypto/x509/v3_san.c
@@ -223,23 +223,28 @@ int GENERAL_NAME_print(BIO *out, GENERAL_NAME *gen)
 
         switch (nid) {
         case NID_id_on_SmtpUTF8Mailbox:
-            BIO_printf(out, "othername:SmtpUTF8Mailbox:%s",
+            BIO_printf(out, "othername:SmtpUTF8Mailbox:%.*s",
+                       gen->d.otherName->value->value.utf8string->length,
                        gen->d.otherName->value->value.utf8string->data);
             break;
         case NID_XmppAddr:
-            BIO_printf(out, "othername:XmppAddr:%s",
+            BIO_printf(out, "othername:XmppAddr:%.*s",
+                       gen->d.otherName->value->value.utf8string->length,
                        gen->d.otherName->value->value.utf8string->data);
             break;
         case NID_SRVName:
-            BIO_printf(out, "othername:SRVName:%s",
+            BIO_printf(out, "othername:SRVName:%.*s",
+                       gen->d.otherName->value->value.ia5string->length,
                        gen->d.otherName->value->value.ia5string->data);
             break;
         case NID_ms_upn:
-            BIO_printf(out, "othername:UPN:%s",
+            BIO_printf(out, "othername:UPN:%.*s",
+                       gen->d.otherName->value->value.utf8string->length,
                        gen->d.otherName->value->value.utf8string->data);
             break;
         case NID_NAIRealm:
-            BIO_printf(out, "othername:NAIRealm:%s",
+            BIO_printf(out, "othername:NAIRealm:%.*s",
+                       gen->d.otherName->value->value.utf8string->length,
                        gen->d.otherName->value->value.utf8string->data);
             break;
         default:
A mirror of the official openssl repository