Commit ea96ad5a authored by Matt Caswell's avatar Matt Caswell
Browse files

Prevent EBCDIC overread for very long strings 



ASN1 Strings that are over 1024 bytes can cause an overread in
applications using the X509_NAME_oneline() function on EBCDIC systems.
This could result in arbitrary stack data being returned in the buffer.

Issue reported by Guido Vranken.

CVE-2016-2176

Reviewed-by: default avatarAndy Polyakov <appro@openssl.org>
parent 3f358213

crypto/x509/x509_obj.c

+3 −2
Original line number Diff line number Diff line
@@ -130,8 +130,9 @@ char *X509_NAME_oneline(X509_NAME *a, char *buf, int len) 
            type == V_ASN1_PRINTABLESTRING ||

            type == V_ASN1_TELETEXSTRING ||

            type == V_ASN1_VISIBLESTRING || type == V_ASN1_IA5STRING) {

            ascii2ebcdic(ebcdic_buf, q, (num > (int)sizeof(ebcdic_buf))

                         ? (int)sizeof(ebcdic_buf) : num);

            if (num > (int)sizeof(ebcdic_buf))

                num = sizeof(ebcdic_buf);

            ascii2ebcdic(ebcdic_buf, q, num);

            q = ebcdic_buf;

        }

#endif