The branch master has been updated via ea96ad5a206b7b5f25dad230333e8ff032df3219 (commit) from 3f3582139fbb259a1c3cbb0a25236500a409bf26 (commit)
- Log ----------------------------------------------------------------- commit ea96ad5a206b7b5f25dad230333e8ff032df3219 Author: Matt Caswell <m...@openssl.org> Date: Thu Apr 28 10:46:55 2016 +0100 Prevent EBCDIC overread for very long strings ASN1 Strings that are over 1024 bytes can cause an overread in applications using the X509_NAME_oneline() function on EBCDIC systems. This could result in arbitrary stack data being returned in the buffer. Issue reported by Guido Vranken. CVE-2016-2176 Reviewed-by: Andy Polyakov <ap...@openssl.org> ----------------------------------------------------------------------- Summary of changes: crypto/x509/x509_obj.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/crypto/x509/x509_obj.c b/crypto/x509/x509_obj.c index f6c348f..eaa03f2 100644 --- a/crypto/x509/x509_obj.c +++ b/crypto/x509/x509_obj.c @@ -130,8 +130,9 @@ char *X509_NAME_oneline(X509_NAME *a, char *buf, int len) type == V_ASN1_PRINTABLESTRING || type == V_ASN1_TELETEXSTRING || type == V_ASN1_VISIBLESTRING || type == V_ASN1_IA5STRING) { - ascii2ebcdic(ebcdic_buf, q, (num > (int)sizeof(ebcdic_buf)) - ? (int)sizeof(ebcdic_buf) : num); + if (num > (int)sizeof(ebcdic_buf)) + num = sizeof(ebcdic_buf); + ascii2ebcdic(ebcdic_buf, q, num); q = ebcdic_buf; } #endif _____ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits