| From d8d805e1f2e6799bb2dff4871a8598dc83088a39 Mon Sep 17 00:00:00 2001 |
| From: Nikos Mavrogiannopoulos <nmav@redhat.com> |
| Date: Thu, 22 Jun 2017 16:31:37 +0200 |
| Subject: [PATCH] _asn1_check_identifier: safer access to values read |
| |
| Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> |
| |
| http://git.savannah.gnu.org/gitweb/?p=libtasn1.git;a=commit;h=d8d805e1f2e6799bb2dff4871a8598dc83088a39 |
| Upstream-Status: Backport |
| |
| CVE: CVE-2017-10790 |
| |
| Signed-off-by: Yue Tao <Yue.Tao@windriver.com> |
| Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com> |
| --- |
| lib/parser_aux.c | 17 ++++++++++++----- |
| 1 file changed, 12 insertions(+), 5 deletions(-) |
| |
| diff --git a/lib/parser_aux.c b/lib/parser_aux.c |
| index 976ab38..786ea64 100644 |
| --- a/lib/parser_aux.c |
| +++ b/lib/parser_aux.c |
| @@ -955,7 +955,7 @@ _asn1_check_identifier (asn1_node node) |
| if (p2 == NULL) |
| { |
| if (p->value) |
| - _asn1_strcpy (_asn1_identifierMissing, p->value); |
| + _asn1_str_cpy (_asn1_identifierMissing, sizeof(_asn1_identifierMissing), (char*)p->value); |
| else |
| _asn1_strcpy (_asn1_identifierMissing, "(null)"); |
| return ASN1_IDENTIFIER_NOT_FOUND; |
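Review bot: `sizeof(_asn1_identifierMissing)` in the new `_asn1_str_cpy` call is the correct bound only if the declaration in scope here is a char array; if this file sees it as a `char *`, the size becomes the pointer width and the copy is cut to a few bytes. The declaration is outside the hunk, so this should be confirmed; the same expression is used in the two later hunks. The bounded copy also truncates silently, which looks acceptable for a diagnostic string but deserves a short comment such as `/* truncation is acceptable: diagnostic text only */`. As a style point, the new calls drop the GNU spacing used on the neighbouring lines (`sizeof (name2)`, `(char *) p2->value`).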
| @@ -968,9 +968,15 @@ _asn1_check_identifier (asn1_node node) |
| if (p2 && (type_field (p2->type) == ASN1_ETYPE_DEFAULT)) |
| { |
| _asn1_str_cpy (name2, sizeof (name2), node->name); |
| - _asn1_str_cat (name2, sizeof (name2), "."); |
| - _asn1_str_cat (name2, sizeof (name2), (char *) p2->value); |
| - _asn1_strcpy (_asn1_identifierMissing, p2->value); |
| + if (p2->value) |
| + { |
| + _asn1_str_cat (name2, sizeof (name2), "."); |
| + _asn1_str_cat (name2, sizeof (name2), (char *) p2->value); |
| + _asn1_str_cpy (_asn1_identifierMissing, sizeof(_asn1_identifierMissing), (char*)p2->value); |
| + } |
| + else |
| + _asn1_strcpy (_asn1_identifierMissing, "(null)"); |
| + |
| p2 = asn1_find_node (node, name2); |
| if (!p2 || (type_field (p2->type) != ASN1_ETYPE_OBJECT_ID) || |
| !(p2->type & CONST_ASSIGN)) |
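Review bot: When `p2->value` is NULL, the new `else` branch sets the `"(null)"` message but still falls through to `asn1_find_node (node, name2)` with `name2` holding only `node->name`. The result then depends on the type check that follows rejecting whatever node that bare name resolves to. If a DEFAULT node without a value is always an error here, stating that directly is clearer: `else { _asn1_strcpy (_asn1_identifierMissing, "(null)"); return ASN1_IDENTIFIER_NOT_FOUND; }`. The rest of the function is outside the hunk, so the equivalence with the current fall-through should be checked against the code after the lookup.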
| @@ -990,7 +996,8 @@ _asn1_check_identifier (asn1_node node) |
| _asn1_str_cpy (name2, sizeof (name2), node->name); |
| _asn1_str_cat (name2, sizeof (name2), "."); |
| _asn1_str_cat (name2, sizeof (name2), (char *) p2->value); |
| - _asn1_strcpy (_asn1_identifierMissing, p2->value); |
| + _asn1_str_cpy (_asn1_identifierMissing, sizeof(_asn1_identifierMissing), (char*)p2->value); |
| + |
| p2 = asn1_find_node (node, name2); |
| if (!p2 || (type_field (p2->type) != ASN1_ETYPE_OBJECT_ID) |
| || !(p2->type & CONST_ASSIGN)) |
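Review bot: This site passes `p2->value` to `_asn1_str_cat` and to the new `_asn1_str_cpy` with no NULL check visible in the hunk, whereas the previous hunk adds an `if (p2->value)` guard for the same pattern. The enclosing condition starts outside the hunk, so a check may already exist there. If it does, a one-line comment such as `/* p2->value checked non-NULL by the enclosing condition */` would make the asymmetry with the DEFAULT branch clear. If it does not, this block needs the same `if (p2->value) { ... } else` wrapping.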
| -- |
| 1.7.9.5 |
| |