Browse Source

Fix printing of PROXY_CERT_INFO_EXTENSION to not assume NUL terminated strings

ASN.1 strings may not be NUL terminated. Don't assume they are.

CVE-2021-3712

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: David Benjamin <davidben@google.com>
master
Matt Caswell 10 months ago
parent
commit
918430ba80
1 changed files with 2 additions and 1 deletions
  1. +2
    -1
      crypto/x509/v3_pci.c

+ 2
- 1
crypto/x509/v3_pci.c View File

@ -76,7 +76,8 @@ static int i2r_pci(X509V3_EXT_METHOD *method, PROXY_CERT_INFO_EXTENSION *pci,
BIO_printf(out, "%*sPolicy Language: ", indent, "");
i2a_ASN1_OBJECT(out, pci->proxyPolicy->policyLanguage);
if (pci->proxyPolicy->policy && pci->proxyPolicy->policy->data)
BIO_printf(out, "\n%*sPolicy Text: %s", indent, "",
BIO_printf(out, "\n%*sPolicy Text: %.*s", indent, "",
pci->proxyPolicy->policy->length,
pci->proxyPolicy->policy->data);
return 1;
}


Loading…
Cancel
Save