[openssl] OpenSSL_1_1_1-stable update

tomas at openssl.org tomas at openssl.org
Tue Jul 20 07:42:00 UTC 2021

The branch OpenSSL_1_1_1-stable has been updated
       via  d9d838ddc0ed083fb4c26dd067e71aad7c65ad16 (commit)
      from  c5b2c075feea9ae3810cc0493bbdf962d3257329 (commit)

- Log -----------------------------------------------------------------
commit d9d838ddc0ed083fb4c26dd067e71aad7c65ad16
Author: Ingo Schwarze <schwarze at openbsd.org>
Date:   Sun Jul 18 17:48:06 2021 +0200

    Fix a read buffer overrun in X509_aux_print().
    The ASN1_STRING_get0_data(3) manual explitely cautions the reader
    that the data is not necessarily NUL-terminated, and the function
    X509_alias_set1(3) does not sanitize the data passed into it in any
    way either, so we must assume the return value from X509_alias_get0(3)
    is merely a byte array and not necessarily a string in the sense
    of the C language.
    I found this bug while writing manual pages for X509_print_ex(3)
    and related functions.  Theo Buehler <tb at openbsd.org> checked my
    patch to fix the same bug in LibreSSL, see
    As an aside, note that the function still produces incomplete and
    misleading results when the data contains a NUL byte in the middle
    and that error handling is consistently absent throughout, even
    though the function provides an "int" return value obviously intended
    to be 1 for success and 0 for failure, and even though this function
    is called by another function that also wants to return 1 for success
    and 0 for failure and even does so in many of its code paths, though
    not in others.  But let's stay focussed.  Many things would be nice
    to have in the wide wild world, but a buffer overflow must not be
    allowed to remain in our backyard.
    CLA: trivial
    Reviewed-by: Tim Hudson <tjh at openssl.org>
    Reviewed-by: Paul Dale <pauli at openssl.org>
    Reviewed-by: Tomas Mraz <tomas at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/16108)
    (cherry picked from commit c5dc9ab965f2a69bca964c709e648158f3e4cd67)


Summary of changes:
 crypto/x509/t_x509.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/crypto/x509/t_x509.c b/crypto/x509/t_x509.c
index 12d807f705..3ba0b3a045 100644
--- a/crypto/x509/t_x509.c
+++ b/crypto/x509/t_x509.c
@@ -365,9 +365,9 @@ int X509_aux_print(BIO *out, X509 *x, int indent)
         BIO_puts(out, "\n");
     } else
         BIO_printf(out, "%*sNo Rejected Uses.\n", indent, "");
-    alias = X509_alias_get0(x, NULL);
+    alias = X509_alias_get0(x, &i);
     if (alias)
-        BIO_printf(out, "%*sAlias: %s\n", indent, "", alias);
+        BIO_printf(out, "%*sAlias: %.*s\n", indent, "", i, alias);
     keyid = X509_keyid_get0(x, &keyidlen);
     if (keyid) {
         BIO_printf(out, "%*sKey Id: ", indent, "");

More information about the openssl-commits mailing list