From: Richard Levitte <levitte@openssl.org>
Date: Thu, 20 Aug 2020 19:31:33 +0000 (+0200)
Subject: crypto/x509/v3_utl.c: Fix IPv6 output in ipaddr_to_asc()
X-Git-Tag: openssl-3.0.0-alpha7~483
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=eb800ef5533947b8583d42a8f767f6ff385d2c17;p=thirdparty%2Fopenssl.git

crypto/x509/v3_utl.c: Fix IPv6 output in ipaddr_to_asc()

Fixes #12695

Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/12696)
---

diff --git a/crypto/x509/v3_utl.c b/crypto/x509/v3_utl.c
index acb0e35a425..9083ed86869 100644
--- a/crypto/x509/v3_utl.c
+++ b/crypto/x509/v3_utl.c
@@ -978,7 +978,12 @@ int X509_check_ip_asc(X509 *x, const char *ipasc, unsigned int flags)
 
 char *ipaddr_to_asc(unsigned char *p, int len)
 {
+    /*
+     * 40 is enough space for the longest IPv6 address + nul terminator byte
+     * XXXX:XXXX:XXXX:XXXX:XXXX:XXXX:XXXX:XXXX\0
+     */
     char buf[40], *out;
+    int i = 0, remain = 0, bytes = 0;
 
     switch (len) {
     case 4: /* IPv4 */
@@ -986,11 +991,14 @@ char *ipaddr_to_asc(unsigned char *p, int len)
         break;
         /* TODO possibly combine with static i2r_address() in v3_addr.c */
     case 16: /* IPv6 */
-        for (out = buf; out < buf + 8 * 3; out += 3) {
-            BIO_snprintf(out, 3 + 1, "%X:", p[0] << 8 | p[1]);
+        for (out = buf, i = 8, remain = sizeof(buf);
+             i-- > 0 && bytes >= 0;
+             remain -= bytes, out += bytes) {
+            const char *template = (i > 0 ? "%X:" : "%X");
+
+            bytes = BIO_snprintf(out, remain, template, p[0] << 8 | p[1]);
             p += 2;
         }
-        out[-1] = '\0';
         break;
     default:
         BIO_snprintf(buf, sizeof(buf), "<invalid length=%d>", len);