Arne Ansper wrote:
>
> hi!
>
> one of my colleagues, Meelis Roos, found a bug in ASN1 routines.
> ASN1_STRING_set allocates one extra byte for terminating '\0', so that one
> can use str* functions directly. however it (correctly) doesn't reflect
> this extra byte in length field. there are two other routines which create
> strings. d2i_ASN1_type_bytes correctly allocates extra byte and sets the
> terminator, but more often used d2i_ASN1_bytes doesn't.
> d2i_ASN1_OCTET_STRING uses d2i_ASN1_bytes and does not allocate extra
> byte. now calling ASN1_OCTET_STRING_set with exactly same length as
> previously allocated causes one byte to be overwritten with '\0'.
> sometimes it's really disastrous. i think that d2i_ASN1_bytes (and
> perhaps some other routines) should be fixed, to allocate this extra
> byte.
>
I'll look into it. This behaviour makes sense for the "string types"
that can be null terminated. However for things like OCTET STRING,
BMPString and UniversalString this doesn't make much sense because str*
wouldn't work on them.
Steve.
--
Dr Stephen N. Henson. http://www.drh-consultancy.demon.co.uk/
Personal Email: [EMAIL PROTECTED]
Senior crypto engineer, Celo Communications: http://www.celocom.com/
Core developer of the OpenSSL project: http://www.openssl.org/
Business Email: [EMAIL PROTECTED] PGP key: via homepage.
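
The pattern described in the report, as an added C example that is not part of the original thread and is not OpenSSL code: `demo_string`, `demo_decode`, `demo_set` and the `cap` field are hypothetical names, and the buffer-reuse rule in the setter is an assumption modelled on the report. The out-of-bounds terminator write is detected and refused rather than performed.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for an ASN.1 string object (not OpenSSL's struct). */
typedef struct {
    int length;              /* payload length, terminator not counted */
    unsigned char *data;
    size_t cap;              /* instrumentation: bytes actually allocated */
} demo_string;

/* Decoder-style constructor. extra = 0 models the exact-size allocation the
 * report attributes to d2i_ASN1_bytes; extra = 1 adds the terminator byte. */
static int demo_decode(demo_string *s, const unsigned char *in, int len, int extra)
{
    s->cap = (size_t)len + (size_t)extra;
    s->data = malloc(s->cap ? s->cap : 1);
    if (s->data == NULL) return 0;
    memcpy(s->data, in, (size_t)len);
    if (extra) s->data[len] = '\0';
    s->length = len;
    return 1;
}

/* Setter that reuses the buffer when the new payload is not longer than the
 * old one, trusting that length + 1 bytes exist (assumed reuse rule).
 * Returns 1 on success, 0 on allocation failure, -1 when the terminator
 * would land outside the allocation (the write is refused). */
static int demo_set(demo_string *s, const unsigned char *in, int len)
{
    if (s->length < len || s->data == NULL) {
        unsigned char *p = realloc(s->data, (size_t)len + 1);
        if (p == NULL) return 0;
        s->data = p;
        s->cap = (size_t)len + 1;
    }
    if ((size_t)len >= s->cap) return -1;    /* data[len] is out of bounds */
    memcpy(s->data, in, (size_t)len);
    s->data[len] = '\0';
    s->length = len;
    return 1;
}

/* Decode four constructed bytes, then set four bytes again. */
static int demo_same_length_set(int extra)
{
    static const unsigned char sample[4] = { 0xde, 0xad, 0xbe, 0xef };
    demo_string s = { 0, NULL, 0 };
    int rc = demo_decode(&s, sample, 4, extra) ? demo_set(&s, sample, 4) : 0;
    free(s.data);
    return rc;
}
```

`demo_same_length_set(0)` reports the one-byte overrun for the exact-size decoder, while `demo_same_length_set(1)` succeeds because the decoder reserved the terminator byte.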