From b2b3b9c9936b91315adc0f3254879cb2fd5ca2bd Mon Sep 17 00:00:00 2001 From: Matt Caswell Date: Wed, 18 Aug 2021 12:34:55 +0100 Subject: [PATCH] Fix GENERAL_NAME_print to not assume NUL terminated strings ASN.1 strings may not be NUL terminated. Don't assume they are. CVE-2021-3712 Reviewed-by: Viktor Dukhovni Reviewed-by: Paul Dale Reviewed-by: David Benjamin --- crypto/x509/v3_san.c | 15 ++++++++++----- 1 file changed, 10 insertions(+), 5 deletions(-) diff --git a/crypto/x509/v3_san.c b/crypto/x509/v3_san.c index 22cef053707..26708aefae0 100644 --- a/crypto/x509/v3_san.c +++ b/crypto/x509/v3_san.c @@ -223,23 +223,28 @@ int GENERAL_NAME_print(BIO *out, GENERAL_NAME *gen) switch (nid) { case NID_id_on_SmtpUTF8Mailbox: - BIO_printf(out, "othername:SmtpUTF8Mailbox:%s", + BIO_printf(out, "othername:SmtpUTF8Mailbox:%.*s", + gen->d.otherName->value->value.utf8string->length, gen->d.otherName->value->value.utf8string->data); break; case NID_XmppAddr: - BIO_printf(out, "othername:XmppAddr:%s", + BIO_printf(out, "othername:XmppAddr:%.*s", + gen->d.otherName->value->value.utf8string->length, gen->d.otherName->value->value.utf8string->data); break; case NID_SRVName: - BIO_printf(out, "othername:SRVName:%s", + BIO_printf(out, "othername:SRVName:%.*s", + gen->d.otherName->value->value.ia5string->length, gen->d.otherName->value->value.ia5string->data); break; case NID_ms_upn: - BIO_printf(out, "othername:UPN:%s", + BIO_printf(out, "othername:UPN:%.*s", + gen->d.otherName->value->value.utf8string->length, gen->d.otherName->value->value.utf8string->data); break; case NID_NAIRealm: - BIO_printf(out, "othername:NAIRealm:%s", + BIO_printf(out, "othername:NAIRealm:%.*s", + gen->d.otherName->value->value.utf8string->length, gen->d.otherName->value->value.utf8string->data); break; default: -- 2.47.3