Searched hist:370450 (Results 1 - 1 of 1) sorted by relevance
| /freebsd-11-stable/crypto/openssl/crypto/asn1/ | ||
| H A D | t_x509a.c | diff 370450 Tue Aug 31 16:40:13 MDT 2021 git2svn openssl: Fix a read buffer overrun in X509_CERT_AUX_print() This is a backport of commit c5dc9ab965f to 1.0.2. That commit fixed the same bug but in master/1.1.1 it is in the function X509_aux_print(). The original commit had the following description: Fix a read buffer overrun in X509_aux_print(). The ASN1_STRING_get0_data(3) manual explitely cautions the reader that the data is not necessarily NUL-terminated, and the function X509_alias_set1(3) does not sanitize the data passed into it in any way either, so we must assume the return value from X509_alias_get0(3) is merely a byte array and not necessarily a string in the sense of the C language. I found this bug while writing manual pages for X509_print_ex(3) and related functions. Theo Buehler <tb@openbsd.org> checked my patch to fix the same bug in LibreSSL, see http://cvsweb.openbsd.org/src/lib/libcrypto/asn1/t_x509a.c#rev1.9 As an aside, note that the function still produces incomplete and misleading results when the data contains a NUL byte in the middle and that error handling is consistently absent throughout, even though the function provides an "int" return value obviously intended to be 1 for success and 0 for failure, and even though this function is called by another function that also wants to return 1 for success and 0 for failure and even does so in many of its code paths, though not in others. But let's stay focussed. Many things would be nice to have in the wide wild world, but a buffer overflow must not be allowed to remain in our backyard. CVE-2021-3712 Reviewed-by: Paul Dale <pauli@openssl.org> Git Hash: c40b21a7e2a030434d6850c28a4217c46b33577b Git Author: matt@openssl.org |
Completed in 43 milliseconds