generic-library/curl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

openssl: biomem->data is not zero terminated

Browse Source 
So printf(%s) on it or reading before bounds checking is wrong, fixing
it. Could previously lead to reading out of boundary.

Reported-by: Török Edwin
This commit is contained in:
Daniel Stenberg 2014-05-04 00:50:10 +02:00
parent 45c037a127
commit 21aafd09f6
1 changed files with 1 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
lib/vtls/openssl.c
View File

@ -2117,7 +2117,7 @@ static int X509V3_ext(struct SessionHandle *data,
sep=", "; sep=", ";
j++; /* skip the newline */ j++; /* skip the newline */
}; };
while((biomem->data[j] == ' ') && (j<(size_t)biomem->length)) while((j<(size_t)biomem->length) && (biomem->data[j] == ' '))
j++; j++;
if(j<(size_t)biomem->length) if(j<(size_t)biomem->length)
ptr+=snprintf(ptr, sizeof(buf)-(ptr-buf), "%s%c", sep, ptr+=snprintf(ptr, sizeof(buf)-(ptr-buf), "%s%c", sep,
@ -2159,8 +2159,6 @@ static void dumpcert(struct SessionHandle *data, X509 *x, int numcert)
BIO_get_mem_ptr(bio_out, &biomem); BIO_get_mem_ptr(bio_out, &biomem);
infof(data, "%s\n", biomem->data);
Curl_ssl_push_certinfo_len(data, numcert, Curl_ssl_push_certinfo_len(data, numcert,
"Cert", biomem->data, biomem->length); "Cert", biomem->data, biomem->length);