Browse Source

Allow fuzz builds to detect string overruns

If FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION is defined then we don't NUL
terminate ASN1_STRING datatypes. This shouldn't be necessary but we add it
any for safety in normal builds.

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: David Benjamin <davidben@google.com>
master
Matt Caswell 2 months ago
parent
commit
e20fc2ee4f
1 changed files with 11 additions and 1 deletions
  1. +11
    -1
      crypto/asn1/asn1_lib.c

+ 11
- 1
crypto/asn1/asn1_lib.c View File

@ -301,7 +301,12 @@ int ASN1_STRING_set(ASN1_STRING *str, const void *_data, int len_in)
}
if ((size_t)str->length <= len || str->data == NULL) {
c = str->data;
#ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
/* No NUL terminator in fuzzing builds */
str->data = OPENSSL_realloc(c, len);
#else
str->data = OPENSSL_realloc(c, len + 1);
#endif
if (str->data == NULL) {
ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE);
str->data = c;
@ -311,8 +316,13 @@ int ASN1_STRING_set(ASN1_STRING *str, const void *_data, int len_in)
str->length = len;
if (data != NULL) {
memcpy(str->data, data, len);
/* an allowance for strings :-) */
#ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
/*
* Add a NUL terminator. This should not be necessary - but we add it as
* a safety precaution
*/
str->data[len] = '\0';
#endif
}
return 1;
}


Loading…
Cancel
Save