Fix potential buffer overrun for EBCDIC.

2024-11-25 11:03:37 +08:00 · 2001-02-06 02:54:02 +00:00 · 2001-02-06 02:54:02 +00:00 · 741a9690df
commit 741a9690df
parent e24e40657f
2 changed files with 23 additions and 6 deletions
--- a/3
+++ b/3
@ -3,6 +3,9 @@

 Changes between 0.9.6 and 0.9.7  [xx XXX 2000]

+  *) Fix potential buffer overrun for EBCDIC.
+     [Ulf Moeller]
+
  *) New function OCSP_copy_nonce() to copy nonce value (if present) from
     request to response.
     [Steve Henson]
--- a/crypto/x509v3/v3_prn.c
+++ b/crypto/x509v3/v3_prn.c
@ -87,9 +87,16 @@ void X509V3_EXT_val_prn(BIO *out, STACK_OF(CONF_VALUE) *val, int indent, int ml)
 		else BIO_printf(out, "%s:%s", nval->name, nval->value);
 #else
 		else {
-			char tmp[10240]; /* 10k is BIO_printf's limit anyway */
-			ascii2ebcdic(tmp, nval->value, strlen(nval->value)+1);
-			BIO_printf(out, "%s:%s", nval->name, tmp);
+			int len;
+			char *tmp;
+			len = strlen(nval->value)+1;
+			tmp = OPENSSL_malloc(len);
+			if (tmp)
+			{
+				ascii2ebcdic(tmp, nval->value, len);
+				BIO_printf(out, "%s:%s", nval->name, tmp);
+				OPENSSL_free(tmp);
+			}
 		}
 #endif
 		if(ml) BIO_puts(out, "\n");
@ -123,9 +130,16 @@ int X509V3_EXT_print(BIO *out, X509_EXTENSION *ext, unsigned long flag, int inde
 		BIO_printf(out, "%*s%s", indent, "", value);
 #else
 		{
-			char tmp[10240]; /* 10k is BIO_printf's limit anyway */
-			ascii2ebcdic(tmp, value, strlen(value)+1);
-			BIO_printf(out, "%*s%s", indent, "", tmp);
+			int len;
+			char *tmp;
+			len = strlen(value)+1;
+			tmp = OPENSSL_malloc(len);
+			if (tmp)
+			{
+				ascii2ebcdic(tmp, value, len);
+				BIO_printf(out, "%*s%s", indent, "", tmp);
+				OPENSSL_free(tmp);
+			}
 		}
 #endif
 	} else if(method->i2v) {