From: Tobias Brunner <tobias@strongswan.org>
Date: Tue, 23 May 2017 10:19:48 +0000 (+0200)
Subject: asn1: Make sure the first argument to sscanf() is null-terminated
X-Git-Tag: 5.5.3~26^2~2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=411bda68362685e2830b2e26df9f661eb69f8cc3;p=thirdparty%2Fstrongswan.git

asn1: Make sure the first argument to sscanf() is null-terminated
---

diff --git a/src/libstrongswan/asn1/asn1.c b/src/libstrongswan/asn1/asn1.c
index 5ce8403257..8b9dc1c487 100644
--- a/src/libstrongswan/asn1/asn1.c
+++ b/src/libstrongswan/asn1/asn1.c
@@ -350,13 +350,15 @@ time_t asn1_to_time(const chunk_t *utctime, asn1_t type)
 	int tm_leap_4, tm_leap_100, tm_leap_400, tm_leap;
 	int tz_hour, tz_min, tz_offset;
 	time_t tm_days, tm_secs;
-	u_char *eot = NULL;
+	char buf[BUF_LEN], *eot = NULL;
 
-	if ((eot = memchr(utctime->ptr, 'Z', utctime->len)) != NULL)
+	snprintf(buf, sizeof(buf), "%.*s", (int)utctime->len, utctime->ptr);
+
+	if ((eot = strchr(buf, 'Z')) != NULL)
 	{
 		tz_offset = 0; /* Zulu time with a zero time zone offset */
 	}
-	else if ((eot = memchr(utctime->ptr, '+', utctime->len)) != NULL)
+	else if ((eot = strchr(buf, '+')) != NULL)
 	{
 		if (sscanf(eot+1, "%2d%2d", &tz_hour, &tz_min) != 2)
 		{
@@ -364,7 +366,7 @@ time_t asn1_to_time(const chunk_t *utctime, asn1_t type)
 		}
 		tz_offset = 3600*tz_hour + 60*tz_min;  /* positive time zone offset */
 	}
-	else if ((eot = memchr(utctime->ptr, '-', utctime->len)) != NULL)
+	else if ((eot = strchr(buf, '-')) != NULL)
 	{
 		if (sscanf(eot+1, "%2d%2d", &tz_hour, &tz_min) != 2)
 		{
@@ -382,15 +384,15 @@ time_t asn1_to_time(const chunk_t *utctime, asn1_t type)
 		const char* format = (type == ASN1_UTCTIME)? "%2d%2d%2d%2d%2d":
 													 "%4d%2d%2d%2d%2d";
 
-		if (sscanf(utctime->ptr, format, &tm_year, &tm_mon, &tm_day,
-										 &tm_hour, &tm_min) != 5)
+		if (sscanf(buf, format, &tm_year, &tm_mon, &tm_day,
+								&tm_hour, &tm_min) != 5)
 		{
 			return 0; /* error in [yy]yymmddhhmm time format */
 		}
 	}
 
 	/* is there a seconds field? */
-	if ((eot - utctime->ptr) == ((type == ASN1_UTCTIME)?12:14))
+	if ((eot - buf) == ((type == ASN1_UTCTIME)?12:14))
 	{
 		if (sscanf(eot-2, "%2d", &tm_sec) != 1)
 		{