From 741a9690df52b947861deeafec87ab86074c0929 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ulf=20M=C3=B6ller?= Date: Tue, 6 Feb 2001 02:54:02 +0000 Subject: [PATCH] Fix potential buffer overrun for EBCDIC. --- CHANGES | 3 +++ crypto/x509v3/v3_prn.c | 26 ++++++++++++++++++++------ 2 files changed, 23 insertions(+), 6 deletions(-) diff --git a/CHANGES b/CHANGES index f817e93566..e3f2653945 100644 --- a/CHANGES +++ b/CHANGES @@ -3,6 +3,9 @@ Changes between 0.9.6 and 0.9.7 [xx XXX 2000] + *) Fix potential buffer overrun for EBCDIC. + [Ulf Moeller] + *) New function OCSP_copy_nonce() to copy nonce value (if present) from request to response. [Steve Henson] diff --git a/crypto/x509v3/v3_prn.c b/crypto/x509v3/v3_prn.c index 62ec1f1db3..8a7659eefc 100644 --- a/crypto/x509v3/v3_prn.c +++ b/crypto/x509v3/v3_prn.c @@ -87,9 +87,16 @@ void X509V3_EXT_val_prn(BIO *out, STACK_OF(CONF_VALUE) *val, int indent, int ml) else BIO_printf(out, "%s:%s", nval->name, nval->value); #else else { - char tmp[10240]; /* 10k is BIO_printf's limit anyway */ - ascii2ebcdic(tmp, nval->value, strlen(nval->value)+1); - BIO_printf(out, "%s:%s", nval->name, tmp); + int len; + char *tmp; + len = strlen(nval->value)+1; + tmp = OPENSSL_malloc(len); + if (tmp) + { + ascii2ebcdic(tmp, nval->value, len); + BIO_printf(out, "%s:%s", nval->name, tmp); + OPENSSL_free(tmp); + } } #endif if(ml) BIO_puts(out, "\n"); @@ -123,9 +130,16 @@ int X509V3_EXT_print(BIO *out, X509_EXTENSION *ext, unsigned long flag, int inde BIO_printf(out, "%*s%s", indent, "", value); #else { - char tmp[10240]; /* 10k is BIO_printf's limit anyway */ - ascii2ebcdic(tmp, value, strlen(value)+1); - BIO_printf(out, "%*s%s", indent, "", tmp); + int len; + char *tmp; + len = strlen(value)+1; + tmp = OPENSSL_malloc(len); + if (tmp) + { + ascii2ebcdic(tmp, value, len); + BIO_printf(out, "%*s%s", indent, "", tmp); + OPENSSL_free(tmp); + } } #endif } else if(method->i2v) { -- GitLab