From: Matt Caswell
Date: Wed, 18 Aug 2021 13:02:40 +0000 (+0100)
Subject: Fix printing of PROXY_CERT_INFO_EXTENSION to not assume NUL terminated strings
X-Git-Tag: openssl-3.0.0~91
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=918430ba80d94ec8f05383b43b1872b1ebb13e1a;p=thirdparty%2Fopenssl.git
Fix printing of PROXY_CERT_INFO_EXTENSION to not assume NUL terminated strings
ASN.1 strings may not be NUL terminated. Don't assume they are. CVE-2021-3712
Reviewed-by: Viktor Dukhovni
Reviewed-by: Paul Dale
Reviewed-by: David Benjamin
---
diff --git a/crypto/x509/v3_pci.c b/crypto/x509/v3_pci.c
index 7a7c91f776e..a931e01a9c9 100644
--- a/crypto/x509/v3_pci.c
+++ b/crypto/x509/v3_pci.c
@@ -76,7 +76,8 @@ static int i2r_pci(X509V3_EXT_METHOD *method, PROXY_CERT_INFO_EXTENSION *pci,
 BIO_printf(out, "%*sPolicy Language: ", indent, "");
 i2a_ASN1_OBJECT(out, pci->proxyPolicy->policyLanguage);
 if (pci->proxyPolicy->policy && pci->proxyPolicy->policy->data)
- BIO_printf(out, "\n%*sPolicy Text: %s", indent, "",
+ BIO_printf(out, "\n%*sPolicy Text: %.*s", indent, "",
+ pci->proxyPolicy->policy->length,
 pci->proxyPolicy->policy->data);
 return 1;
 }
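Review bot: The bounded `%.*s` in the new `BIO_printf` call still stops at the first NUL byte and writes every other byte unescaped, so a policy string with an embedded NUL is shown shorter than `policy->length`, and control characters from the certificate reach the output as-is. Because the policy text comes from the certificate being printed, the display should be length-driven and escaped rather than C-string-driven. One option is to print the label with `BIO_printf(out, "\n%*sPolicy Text: ", indent, "");` and the value with `ASN1_STRING_print(out, pci->proxyPolicy->policy);`, which walks `length` bytes and substitutes `.` for non-printable ones. The `if` would then need braces around its body, which is worth having anyway since it already guards a three-line statement. i2r_pci begins above the hunk, so whether `length` can ever be negative at this point is not visible here.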