diff options
author | Dr. Stephen Henson <steve@openssl.org> | 2016-02-04 18:53:07 +0000 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2016-02-05 00:33:33 +0000 |
commit | ac3e3665016e4441475276461d5f910eb9e9ea15 (patch) | |
tree | 70ff5383d5e4a639afc03124312244e4e8594db3 /crypto/asn1/t_pkey.c | |
parent | 907e95006820c84d2efe1adb2c8af8340f3ba6cc (diff) | |
download | openssl-ac3e3665016e4441475276461d5f910eb9e9ea15.tar.gz |
Allocate ASN1_bn_print buffer internally.
Don't require an application to work out the appropriate buffer size for
ASN1_bn_print(), which is unsafe. Ignore the supplied buffer and allocate
it internally instead.
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Diffstat (limited to 'crypto/asn1/t_pkey.c')
-rw-r--r-- | crypto/asn1/t_pkey.c | 46 |
1 files changed, 28 insertions, 18 deletions
diff --git a/crypto/asn1/t_pkey.c b/crypto/asn1/t_pkey.c index afe347bab2..b17862c2f4 100644 --- a/crypto/asn1/t_pkey.c +++ b/crypto/asn1/t_pkey.c @@ -91,14 +91,16 @@ int ASN1_buf_print(BIO *bp, unsigned char *buf, size_t buflen, int indent) } int ASN1_bn_print(BIO *bp, const char *number, const BIGNUM *num, - unsigned char *buf, int indent) + unsigned char *ign, int indent) { - int n; + int n, rv = 0; const char *neg; + unsigned char *buf = NULL, *tmp = NULL; + int buflen; if (num == NULL) return 1; - neg = (BN_is_negative(num)) ? "-" : ""; + neg = BN_is_negative(num) ? "-" : ""; if (!BIO_indent(bp, indent, ASN1_PRINT_MAX_INDENT)) return 0; if (BN_is_zero(num)) { @@ -111,21 +113,29 @@ int ASN1_bn_print(BIO *bp, const char *number, const BIGNUM *num, if (BIO_printf(bp, "%s %s%lu (%s0x%lx)\n", number, neg, (unsigned long)bn_get_words(num)[0], neg, (unsigned long)bn_get_words(num)[0]) <= 0) - return (0); - } else { - buf[0] = 0; - if (BIO_printf(bp, "%s%s\n", number, - (neg[0] == '-') ? " (Negative)" : "") <= 0) - return (0); - n = BN_bn2bin(num, &buf[1]); - - if (buf[1] & 0x80) - n++; - else - buf++; - - if (ASN1_buf_print(bp, buf, n, indent + 4) == 0) return 0; + return 1; } - return 1; + + buflen = BN_num_bytes(num) + 1; + buf = tmp = OPENSSL_malloc(buflen); + if (buf == NULL) + goto err; + buf[0] = 0; + if (BIO_printf(bp, "%s%s\n", number, + (neg[0] == '-') ? " (Negative)" : "") <= 0) + goto err; + n = BN_bn2bin(num, buf + 1); + + if (buf[1] & 0x80) + n++; + else + tmp++; + + if (ASN1_buf_print(bp, tmp, n, indent + 4) == 0) + goto err; + rv = 1; + err: + OPENSSL_clear_free(buf, buflen); + return rv; } |