diff options
| author | Dr. Stephen Henson <steve@openssl.org> | 2016-08-05 17:59:32 +0100 |
|---|---|---|
| committer | Dr. Stephen Henson <steve@openssl.org> | 2016-08-05 19:00:34 +0100 |
| commit | 13bacff9aa9a457218ccdcf83224357c9464676e (patch) | |
| tree | 89f2e410528e4576a078b4b0d47a107911dd6723 | |
| parent | e1be1dce7722ee40ced16b1b91d5e1b9fce13d08 (diff) | |
| download | openssl-13bacff9aa9a457218ccdcf83224357c9464676e.tar.gz | |
Sanity check input length in OPENSSL_uni2asc().
Thanks to Hanno Böck for reporting this bug.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit 39a43280316f1b9c45be5ac5b04f4f5c3f923686)
Conflicts:
crypto/pkcs12/p12_utl.c
| -rw-r--r-- | crypto/pkcs12/p12_utl.c | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/crypto/pkcs12/p12_utl.c b/crypto/pkcs12/p12_utl.c index a0b992eab6..e466f762ff 100644 --- a/crypto/pkcs12/p12_utl.c +++ b/crypto/pkcs12/p12_utl.c @@ -91,6 +91,10 @@ char *OPENSSL_uni2asc(unsigned char *uni, int unilen) { int asclen, i; char *asctmp; + + /* string must contain an even number of bytes */ + if (unilen & 1) + return NULL; asclen = unilen / 2; /* If no terminating zero allow for one */ if (!unilen || uni[unilen - 1]) |