From: Matt Caswell Date: Wed, 18 Aug 2021 11:34:55 +0000 (+0100) Subject: Fix GENERAL_NAME_print to not assume NUL terminated strings X-Git-Tag: openssl-3.0.0~92 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=b2b3b9c9936b91315adc0f3254879cb2fd5ca2bd;p=thirdparty%2Fopenssl.git Fix GENERAL_NAME_print to not assume NUL terminated strings ASN.1 strings may not be NUL terminated. Don't assume they are. CVE-2021-3712 Reviewed-by: Viktor Dukhovni Reviewed-by: Paul Dale Reviewed-by: David Benjamin --- diff --git a/crypto/x509/v3_san.c b/crypto/x509/v3_san.c index 22cef053707..26708aefae0 100644 --- a/crypto/x509/v3_san.c +++ b/crypto/x509/v3_san.c @@ -223,23 +223,28 @@ int GENERAL_NAME_print(BIO *out, GENERAL_NAME *gen) switch (nid) { case NID_id_on_SmtpUTF8Mailbox: - BIO_printf(out, "othername:SmtpUTF8Mailbox:%s", + BIO_printf(out, "othername:SmtpUTF8Mailbox:%.*s", + gen->d.otherName->value->value.utf8string->length, gen->d.otherName->value->value.utf8string->data); break; case NID_XmppAddr: - BIO_printf(out, "othername:XmppAddr:%s", + BIO_printf(out, "othername:XmppAddr:%.*s", + gen->d.otherName->value->value.utf8string->length, gen->d.otherName->value->value.utf8string->data); break; case NID_SRVName: - BIO_printf(out, "othername:SRVName:%s", + BIO_printf(out, "othername:SRVName:%.*s", + gen->d.otherName->value->value.ia5string->length, gen->d.otherName->value->value.ia5string->data); break; case NID_ms_upn: - BIO_printf(out, "othername:UPN:%s", + BIO_printf(out, "othername:UPN:%.*s", + gen->d.otherName->value->value.utf8string->length, gen->d.otherName->value->value.utf8string->data); break; case NID_NAIRealm: - BIO_printf(out, "othername:NAIRealm:%s", + BIO_printf(out, "othername:NAIRealm:%.*s", + gen->d.otherName->value->value.utf8string->length, gen->d.otherName->value->value.utf8string->data); break; default: