Skip to content
Snippets Groups Projects
Commit 21aafd09 authored by Daniel Stenberg's avatar Daniel Stenberg
Browse files

openssl: biomem->data is not zero terminated

So printf(%s) on it or reading before bounds checking is wrong, fixing
it. Could previously lead to reading out of boundary.

Reported-by: Török Edwin
parent 45c037a1
Branches
Tags
No related merge requests found
......@@ -2117,7 +2117,7 @@ static int X509V3_ext(struct SessionHandle *data,
sep=", ";
j++; /* skip the newline */
};
while((biomem->data[j] == ' ') && (j<(size_t)biomem->length))
while((j<(size_t)biomem->length) && (biomem->data[j] == ' '))
j++;
if(j<(size_t)biomem->length)
ptr+=snprintf(ptr, sizeof(buf)-(ptr-buf), "%s%c", sep,
......@@ -2159,8 +2159,6 @@ static void dumpcert(struct SessionHandle *data, X509 *x, int numcert)
BIO_get_mem_ptr(bio_out, &biomem);
infof(data, "%s\n", biomem->data);
Curl_ssl_push_certinfo_len(data, numcert,
"Cert", biomem->data, biomem->length);
......
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment