diff --git a/snmplib/snmp_openssl.c b/snmplib/snmp_openssl.c
index e0e6615f0..dd202f440 100644
--- a/snmplib/snmp_openssl.c
+++ b/snmplib/snmp_openssl.c
@@ -499,6 +499,8 @@ netsnmp_openssl_cert_dump_extensions(X509 *ocert)
extension_name = OBJ_nid2sn(nid);
buf_len = sizeof(buf);
str = _cert_get_extension_str_at(ocert, i, &buf_ptr, &buf_len, 0);
+ if (!str)
+ continue;
lf = strchr(str, '\n'); /* look for multiline strings */
if (NULL != lf)
*lf = '\0'; /* only log first line of multiline here */
diff --git a/snmplib/snmp_openssl.c b/snmplib/snmp_openssl.c
index 01d72afb2..e0e6615f0 100644
--- a/snmplib/snmp_openssl.c
+++ b/snmplib/snmp_openssl.c
@@ -300,7 +300,7 @@ _cert_get_extension(X509_EXTENSION *oext, char **buf, int
*len, int flags)
if (!buf_ptr) {
snmp_log(LOG_ERR,
- "not enough space or error in allocation for extenstion\n");
+ "not enough space or error in allocation for extension\n");
BIO_vfree(bio);
return NULL;
}
diff --git a/snmplib/snmp_openssl.c b/snmplib/snmp_openssl.c
index dd202f440..7d6db6ae6 100644
--- a/snmplib/snmp_openssl.c
+++ b/snmplib/snmp_openssl.c
@@ -290,8 +290,11 @@ _cert_get_extension(X509_EXTENSION *oext, char **buf, int
*len, int flags)
space = BIO_get_mem_data(bio, &data);
if (buf && *buf) {
- if (*len < space)
- buf_ptr = NULL;
+ if (*len < space + 1) {
+ snmp_log(LOG_ERR, "not enough buffer space to print extension\n");
+ BIO_vfree(bio);
+ return NULL;
+ }
else
buf_ptr = *buf;
}
@@ -299,8 +302,7 @@ _cert_get_extension(X509_EXTENSION *oext, char **buf, int
*len, int flags)
buf_ptr = calloc(1,space + 1);
if (!buf_ptr) {
- snmp_log(LOG_ERR,
- "not enough space or error in allocation for extension\n");
+ snmp_log(LOG_ERR, "error in allocation for extension\n");
BIO_vfree(bio);
return NULL;
}
@@ -479,7 +481,7 @@ netsnmp_openssl_cert_dump_extensions(X509 *ocert)
{
X509_EXTENSION *extension;
const char *extension_name;
- char buf[SNMP_MAXBUF_SMALL], *buf_ptr = buf, *str, *lf;
+ char buf[SNMP_MAXBUF], *buf_ptr = buf, *str, *lf;
int i, num_extensions, buf_len, nid;
if (NULL == ocert)
@@ -499,8 +501,11 @@ netsnmp_openssl_cert_dump_extensions(X509 *ocert)
extension_name = OBJ_nid2sn(nid);
buf_len = sizeof(buf);
str = _cert_get_extension_str_at(ocert, i, &buf_ptr, &buf_len, 0);
- if (!str)
+ if (!str) {
+ DEBUGMSGT(("9:cert:dump", " %2d: %s\n", i,
+ extension_name));
continue;
+ }
lf = strchr(str, '\n'); /* look for multiline strings */
if (NULL != lf)
*lf = '\0'; /* only log first line of multiline here */
diff --git a/snmplib/snmp_openssl.c b/snmplib/snmp_openssl.c
index 7d6db6ae6..c092a007a 100644
--- a/snmplib/snmp_openssl.c
+++ b/snmplib/snmp_openssl.c
@@ -284,33 +284,30 @@ _cert_get_extension(X509_EXTENSION *oext, char **buf,
int *len, int flags)
}
if (X509V3_EXT_print(bio, oext, 0, 0) != 1) {
snmp_log(LOG_ERR, "could not print extension!\n");
- BIO_vfree(bio);
- return NULL;
+ goto out;
}
space = BIO_get_mem_data(bio, &data);
if (buf && *buf) {
if (*len < space + 1) {
snmp_log(LOG_ERR, "not enough buffer space to print extension\n");
- BIO_vfree(bio);
- return NULL;
+ goto out;
}
- else
- buf_ptr = *buf;
+ buf_ptr = *buf;
+ } else {
+ buf_ptr = calloc(1, space + 1);
}
- else
- buf_ptr = calloc(1,space + 1);
if (!buf_ptr) {
snmp_log(LOG_ERR, "error in allocation for extension\n");
- BIO_vfree(bio);
- return NULL;
+ goto out;
}
memcpy(buf_ptr, data, space);
buf_ptr[space] = 0;
if (len)
*len = space;
+out:
BIO_vfree(bio);
return buf_ptr;
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1912389
Title:
[Patch] SIGSEGV: crash when certificate contains extension longer
than 512 bytes
To manage notifications about this bug go to:
https://bugs.launchpad.net/netsnmp/+bug/1912389/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
