Prevent EBCDIC overread for very long strings

ASN1 Strings that are over 1024 bytes can cause an overread in applications using the X509_NAME_oneline() function on EBCDIC systems. This could result in arbitrary stack data being returned in the buffer. Issue reported by Guido Vranken. CVE-2016-2176 Reviewed-by: N Andy Polyakov <appro@openssl.org>

Prevent EBCDIC overread for very long strings
ASN1 Strings that are over 1024 bytes can cause an overread in applications using the X509_NAME_oneline() function on EBCDIC systems. This could result in arbitrary stack data being returned in the buffer. Issue reported by Guido Vranken. CVE-2016-2176 Reviewed-by: N Andy Polyakov <appro@openssl.org>
ea96ad5a · Matt Caswell · 3f358213 · ea96ad5a
隐藏空白更改
内联并排

Showing with 3 addition and 2 deletion

crypto/x509/x509_obj.c crypto/x509/x509_obj.c +3 -2

未找到文件。
--- a/crypto/x509/x509_obj.c
+++ b/crypto/x509/x509_obj.c
@@ -130,8 +130,9 @@ char *X509_NAME_oneline(X509_NAME *a, char *buf, int len)
            type == V_ASN1_PRINTABLESTRING ||
            type == V_ASN1_TELETEXSTRING ||
            type == V_ASN1_VISIBLESTRING || type == V_ASN1_IA5STRING) {
-            ascii2ebcdic(ebcdic_buf, q, (num > (int)sizeof(ebcdic_buf))
-                         ? (int)sizeof(ebcdic_buf) : num);
+            if (num > (int)sizeof(ebcdic_buf))
+                num = sizeof(ebcdic_buf);
+            ascii2ebcdic(ebcdic_buf, q, num);
            q = ebcdic_buf;
        }
 #endif