diff options
author | Pauli <paul.dale@oracle.com> | 2017-07-06 11:39:03 +1000 |
---|---|---|
committer | Pauli <paul.dale@oracle.com> | 2017-07-06 12:59:51 +1000 |
commit | 60eba30f60de55e3c782469fa555eede82606099 (patch) | |
tree | 682efcc6cc77d5759c2ffa2d61897ccb28ee5018 /crypto/asn1/a_mbstr.c | |
parent | eee9552212ecc9e19bc09ea8a1b8428dc7394f45 (diff) |
Memory bounds checking in asn1 code.
Check that sprint, strcpy don't overflow.
Avoid some strlen operations when the previous sprintf return value can be used.
Also fix the undefined behaviour `*(long *)x = y` when x isn't a long or character pointer.
ISO/IEC 9899:1999 6.5/7 for the details.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3869)
Diffstat (limited to 'crypto/asn1/a_mbstr.c')
-rw-r--r-- | crypto/asn1/a_mbstr.c | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/crypto/asn1/a_mbstr.c b/crypto/asn1/a_mbstr.c index 46764b292c..e644fe0542 100644 --- a/crypto/asn1/a_mbstr.c +++ b/crypto/asn1/a_mbstr.c @@ -1,5 +1,5 @@ /* - * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1999-2017 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -100,14 +100,14 @@ int ASN1_mbstring_ncopy(ASN1_STRING **out, const unsigned char *in, int len, if ((minsize > 0) && (nchar < minsize)) { ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY, ASN1_R_STRING_TOO_SHORT); - sprintf(strbuf, "%ld", minsize); + BIO_snprintf(strbuf, sizeof(strbuf), "%ld", minsize); ERR_add_error_data(2, "minsize=", strbuf); return -1; } if ((maxsize > 0) && (nchar > maxsize)) { ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY, ASN1_R_STRING_TOO_LONG); - sprintf(strbuf, "%ld", maxsize); + BIO_snprintf(strbuf, sizeof(strbuf), "%ld", maxsize); ERR_add_error_data(2, "maxsize=", strbuf); return -1; } |