diff options
author | Pauli <paul.dale@oracle.com> | 2017-07-06 11:39:03 +1000 |
---|---|---|
committer | Pauli <paul.dale@oracle.com> | 2017-07-06 12:59:51 +1000 |
commit | 60eba30f60de55e3c782469fa555eede82606099 (patch) | |
tree | 682efcc6cc77d5759c2ffa2d61897ccb28ee5018 /crypto/asn1/a_time.c | |
parent | eee9552212ecc9e19bc09ea8a1b8428dc7394f45 (diff) | |
download | openssl-60eba30f60de55e3c782469fa555eede82606099.tar.gz |
Memory bounds checking in asn1 code.
Check that sprint, strcpy don't overflow.
Avoid some strlen operations when the previous sprintf return value can be used.
Also fix the undefined behaviour `*(long *)x = y` when x isn't a long or character pointer.
ISO/IEC 9899:1999 6.5/7 for the details.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3869)
Diffstat (limited to 'crypto/asn1/a_time.c')
-rw-r--r-- | crypto/asn1/a_time.c | 19 |
1 files changed, 11 insertions, 8 deletions
diff --git a/crypto/asn1/a_time.c b/crypto/asn1/a_time.c index f0ec42f71c..fc78e309a6 100644 --- a/crypto/asn1/a_time.c +++ b/crypto/asn1/a_time.c @@ -1,5 +1,5 @@ /* - * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1999-2017 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -81,17 +81,20 @@ ASN1_GENERALIZEDTIME *ASN1_TIME_to_generalizedtime(const ASN1_TIME *t, goto done; } - /* grow the string */ + /* + * Grow the string by two bytes. + * The actual allocation is t->length + 3 to include a terminator byte. + */ if (!ASN1_STRING_set(ret, NULL, t->length + 2)) goto err; str = (char *)ret->data; /* Work out the century and prepend */ - if (t->data[0] >= '5') - strcpy(str, "19"); - else - strcpy(str, "20"); - - strcat(str, (const char *)t->data); + memcpy(str, t->data[0] >= '5' ? "19" : "20", 2); + /* + * t->length + 1 is the size of the data and the allocated buffer has + * this much space after the first two characters. + */ + OPENSSL_strlcpy(str + 2, (const char *)t->data, t->length + 1); done: if (out != NULL && *out == NULL) |