[openssl-commits] [openssl] master update
Matt Caswell
matt at openssl.org
Tue May 3 09:29:56 UTC 2016
The branch master has been updated
via ea96ad5a206b7b5f25dad230333e8ff032df3219 (commit)
from 3f3582139fbb259a1c3cbb0a25236500a409bf26 (commit)
- Log -----------------------------------------------------------------
commit ea96ad5a206b7b5f25dad230333e8ff032df3219
Author: Matt Caswell <matt at openssl.org>
Date: Thu Apr 28 10:46:55 2016 +0100
Prevent EBCDIC overread for very long strings
ASN1 Strings that are over 1024 bytes can cause an overread in
applications using the X509_NAME_oneline() function on EBCDIC systems.
This could result in arbitrary stack data being returned in the buffer.
Issue reported by Guido Vranken.
CVE-2016-2176
Reviewed-by: Andy Polyakov <appro at openssl.org>
-----------------------------------------------------------------------
Summary of changes:
crypto/x509/x509_obj.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/crypto/x509/x509_obj.c b/crypto/x509/x509_obj.c
index f6c348f..eaa03f2 100644
--- a/crypto/x509/x509_obj.c
+++ b/crypto/x509/x509_obj.c
@@ -130,8 +130,9 @@ char *X509_NAME_oneline(X509_NAME *a, char *buf, int len)
type == V_ASN1_PRINTABLESTRING ||
type == V_ASN1_TELETEXSTRING ||
type == V_ASN1_VISIBLESTRING || type == V_ASN1_IA5STRING) {
- ascii2ebcdic(ebcdic_buf, q, (num > (int)sizeof(ebcdic_buf))
- ? (int)sizeof(ebcdic_buf) : num);
+ if (num > (int)sizeof(ebcdic_buf))
+ num = sizeof(ebcdic_buf);
+ ascii2ebcdic(ebcdic_buf, q, num);
q = ebcdic_buf;
}
#endif
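Review bot: the added `num = sizeof(ebcdic_buf);` assigns a size_t to the int `num` without the `(int)` cast that the comparison on the line directly above it uses; writing `num = (int)sizeof(ebcdic_buf);` keeps the two lines consistent and avoids an implicit-conversion warning. The clamp now has to persist in `num` after `q = ebcdic_buf;`, because `q` points at the fixed-size buffer from then on, so a short comment above the `if` stating that `num` must never exceed the buffer `q` is repointed to would keep a later cleanup from folding the bound back into the ascii2ebcdic() argument, which is the form the removed lines had. The truncation is also silent to the caller; if that is intended, it is worth saying so in the same comment.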