crypto/x509/v3_utl.c: Fix IPv6 output in ipaddr_to_asc()

Fixes #12695 Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/12696)
2025-01-19 16:33:33 +08:00 · 2020-08-20 21:31:33 +02:00 · 2020-08-20 21:31:33 +02:00 · eb800ef553
commit eb800ef553
parent 9afa0748cf
1 changed files with 11 additions and 3 deletions
--- a/crypto/x509/v3_utl.c
+++ b/crypto/x509/v3_utl.c
@ -978,7 +978,12 @@ int X509_check_ip_asc(X509 *x, const char *ipasc, unsigned int flags)

 char *ipaddr_to_asc(unsigned char *p, int len)
 {
+    /*
+     * 40 is enough space for the longest IPv6 address + nul terminator byte
+     * XXXX:XXXX:XXXX:XXXX:XXXX:XXXX:XXXX:XXXX\0
+     */
    char buf[40], *out;
+    int i = 0, remain = 0, bytes = 0;

    switch (len) {
    case 4: /* IPv4 */
@ -986,11 +991,14 @@ char *ipaddr_to_asc(unsigned char *p, int len)
        break;
        /* TODO possibly combine with static i2r_address() in v3_addr.c */
    case 16: /* IPv6 */
-        for (out = buf; out < buf + 8 * 3; out += 3) {
-            BIO_snprintf(out, 3 + 1, "%X:", p[0] << 8 | p[1]);
+        for (out = buf, i = 8, remain = sizeof(buf);
+             i-- > 0 && bytes >= 0;
+             remain -= bytes, out += bytes) {
+            const char *template = (i > 0 ? "%X:" : "%X");
+
+            bytes = BIO_snprintf(out, remain, template, p[0] << 8 | p[1]);
            p += 2;
        }
-        out[-1] = '\0';
        break;
    default:
        BIO_snprintf(buf, sizeof(buf), "<invalid length=%d>", len);