From: "Long, Qin" <qin.l...@intel.com> Some environments, such as 32-bit UEFI, have strict limits on stack size. Using a 4KiB buffer on the stack for reading from p7bio is somewhat excessive, so allocate it on the heap instead. --- Alternatively, we could leave it on the stack and reduce it to 256 bytes or something like that. It's not as if performance is really an issue here if we do that, right?
crypto/pkcs7/pk7_smime.c | 14 ++++++++++++--
1 file changed, 12 insertions(+), 2 deletions(-)
diff --git a/crypto/pkcs7/pk7_smime.c b/crypto/pkcs7/pk7_smime.c
index e52e746..077b06d 100644
--- a/crypto/pkcs7/pk7_smime.c
+++ b/crypto/pkcs7/pk7_smime.c
@@ -253,7 +253,8 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs,
X509_STORE *store,
STACK_OF(PKCS7_SIGNER_INFO) *sinfos;
PKCS7_SIGNER_INFO *si;
X509_STORE_CTX cert_ctx;
- char buf[4096];
+ char *buf = NULL;
+ int bufsiz;
int i, j = 0, k, ret = 0;
BIO *p7bio;
BIO *tmpin, *tmpout;
@@ -365,9 +366,14 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs,
X509_STORE *store,
} else
tmpout = out;
+ bufsiz = 4096;
+ buf = OPENSSL_malloc(bufsiz);
+ if (buf == NULL) {
+ goto err;
+ }
/* We now have to 'read' from p7bio to calculate digests etc. */
for (;;) {
- i = BIO_read(p7bio, buf, sizeof(buf));
+ i = BIO_read(p7bio, buf, bufsiz);
if (i <= 0)
break;
if (tmpout)
@@ -407,6 +413,10 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs,
X509_STORE *store,
sk_X509_free(signers);
+ if (buf != NULL) {
+ OPENSSL_free(buf);
+ }
+
return ret;
}
--
2.4.3
--
David Woodhouse Open Source Technology Centre
david.woodho...@intel.com Intel Corporation
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ openssl-bugs-mod mailing list openssl-bugs-...@openssl.org https://mta.openssl.org/mailman/listinfo/openssl-bugs-mod
_______________________________________________ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
