[openssl-dev] [openssl.org #3671] Bug in TS_check_status_info in ts_rsp_verify.c [PATCH]
Perrow, Graeme via RT
rt at openssl.org
Tue Jan 20 18:55:45 UTC 2015
Our code-scanning tool has found another bug in OpenSSl 1.0.1k. In TS_check_status_info (in crypto/ts/ts_rsp_verify.c), if an error occurs we create a string which is intended to be a comma-separated list of error strings. However when adding the comma between error strings, strcpy is used rather than strcat. This means that if more than one error bit is set, the resulting string will be ",x" where x is the text associated with the LAST error; all other errors will be overwritten.
My guess is that having multiple failures is very rare, so very few people have run into this problem.
I have attached a patch.
Graeme Perrow
-------------- next part --------------
A non-text attachment was scrubbed...
Name: ts_check_status_info.patch
Type: application/octet-stream
Size: 489 bytes
Desc: not available
URL: <http://mta.openssl.org/pipermail/openssl-dev/attachments/20150120/8db58bc3/attachment.obj>
More information about the openssl-dev
mailing list