Prevent EBCDIC overread for very long strings
ASN1 Strings that are over 1024 bytes can cause an overread in
applications using the X509_NAME_oneline() function on EBCDIC systems.
This could result in arbitrary stack data being returned in the buffer.
Issue reported by Guido Vranken.
CVE-2016-2176
Reviewed-by: NAndy Polyakov <appro@openssl.org>
Showing
想要评论请 注册 或 登录