a_strex.c: prevent out of bound read in do_buf() #6105
mspncp wants to merge 1 commit into openssl:master from
which is used for ASN1_STRING_print_ex*() and X509_NAME_print_ex*().
| outlen = 0; | ||
| charwidth = type & BUF_TYPE_WIDTH_MASK; | ||
|
|
||
| switch (charwidth) { |
| i = UTF8_getc(p, buflen, &c); | ||
| if (i < 0) | ||
| return -1; /* Invalid UTF8String */ | ||
| buflen -= i; |
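Review bot: At `if (i < 0) return -1; /* Invalid UTF8String */` the failure is reported only through the return value and a code comment; nothing is raised on the error queue in the lines shown. The thread refers to an ASN1_F_DO_BUF function code, so consider raising an error on this path too, so that callers of ASN1_STRING_print_ex*() and X509_NAME_print_ex*() can see why printing failed. At `buflen -= i;` a one-line comment stating the invariant that the value returned by `UTF8_getc(p, buflen, &c)` does not exceed `buflen` would help, since the remaining-length bookkeeping depends on it.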
@levitte, you're faster than the speed of light! 😉
Should I backport this?
Are you on the moon? 😁
Sure... although, does it cherry-pick cleanly to 1.1.0? Then there's no need to make a separate PR...
Well, you approved the pull request before I finished documenting it. So you must have travelled back in time, i.e. faster than the speed of light.
Well, the changes to
Travis failure is caused by
For 1.0.2, we don't care, since 1.1.0 has renumbered more or less everything anyway.
I was actually talking about backporting from master to 1.1.0. Is it necessary and/or desirable that the error codes (here: ASN1_F_DO_BUF) are the same value on both branches? If yes, the conflicts need to be resolved manually. If no, it would be sufficient to only cherry-pick the changes made to
Hmmm, we usually do keep the numbers in sync between 1.1.0 and 1.1.1, so...
Giving travis another try...
which is used for ASN1_STRING_print_ex*() and X509_NAME_print_ex*(). Reviewed-by: Richard Levitte <[email protected]> (Merged from #6105)