[openssl-commits] [openssl] OpenSSL_1_0_1-stable update

Dr. Stephen Henson steve at openssl.org
Fri Aug 5 18:04:39 UTC 2016


The branch OpenSSL_1_0_1-stable has been updated
       via  7a4979815b3ce7d280ed30b3b1df2a23481c2331 (commit)
      from  d23de0bbf9e2c7a64065e2bf1907c6cceda78eb9 (commit)


- Log -----------------------------------------------------------------
commit 7a4979815b3ce7d280ed30b3b1df2a23481c2331
Author: Dr. Stephen Henson <steve at openssl.org>
Date:   Fri Aug 5 17:59:32 2016 +0100

    Sanity check input length in OPENSSL_uni2asc().
    
    Thanks to Hanno Böck for reporting this bug.
    
    Reviewed-by: Rich Salz <rsalz at openssl.org>
    (cherry picked from commit 39a43280316f1b9c45be5ac5b04f4f5c3f923686)
    
    Conflicts:
    	crypto/pkcs12/p12_utl.c

-----------------------------------------------------------------------

Summary of changes:
 crypto/pkcs12/p12_utl.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/crypto/pkcs12/p12_utl.c b/crypto/pkcs12/p12_utl.c
index a0b992e..e466f76 100644
--- a/crypto/pkcs12/p12_utl.c
+++ b/crypto/pkcs12/p12_utl.c
@@ -91,6 +91,10 @@ char *OPENSSL_uni2asc(unsigned char *uni, int unilen)
 {
     int asclen, i;
     char *asctmp;
+
+    /* string must contain an even number of bytes */
+    if (unilen & 1)
+        return NULL;
     asclen = unilen / 2;
     /* If no terminating zero allow for one */
     if (!unilen || uni[unilen - 1])


More information about the openssl-commits mailing list