[openssl/openssl] d4d669: ossl-params: check length returned by strlen()
James Muir
noreply at github.com
Tue Dec 12 18:59:53 UTC 2023
Branch: refs/heads/master
Home: https://github.com/openssl/openssl
Commit: d4d6694aa710c9970410a6836070daa6486a0ac0
https://github.com/openssl/openssl/commit/d4d6694aa710c9970410a6836070daa6486a0ac0
Author: James Muir <james at openssl.org>
Date: 2023-12-12 (Tue, 12 Dec 2023)
Changed paths:
M crypto/param_build.c
Log Message:
-----------
ossl-params: check length returned by strlen()
In param_build.c, the functions OSSL_PARAM_BLD_push_utf8_string() and
OSSL_PARAM_BLD_push_utf8_ptr() use strlen() to compute the length of
the string when bsize is zero. However, the size_t returned by
strlen() might be too large (it is stored in an intermediate "int"),
so check for that.
There are analogous functions in params.c, but they do not use an
intermediate "int" to store the size_t returned by strlen(). So there
is some inconsistency between the implementations.
Credit to Viktor D and Tomas M for spotting these missing checks.
Reviewed-by: Matt Caswell <matt at openssl.org>
Reviewed-by: Shane Lontis <shane.lontis at oracle.com>
Reviewed-by: Viktor Dukhovni <viktor at openssl.org>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22967)
More information about the openssl-commits
mailing list