Skip to content

Commit

Permalink
Fix printing of PROXY_CERT_INFO_EXTENSION to not assume NUL terminate…
Browse files Browse the repository at this point in the history
…d strings

ASN.1 strings may not be NUL terminated. Don't assume they are.

CVE-2021-3712

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
  • Loading branch information
mattcaswell committed Aug 24, 2021
1 parent 5f54e57 commit 2344695
Showing 1 changed file with 2 additions and 1 deletion.
3 changes: 2 additions & 1 deletion crypto/x509v3/v3_pci.c
Original file line number Diff line number Diff line change
Expand Up @@ -77,7 +77,8 @@ static int i2r_pci(X509V3_EXT_METHOD *method, PROXY_CERT_INFO_EXTENSION *pci,
i2a_ASN1_OBJECT(out, pci->proxyPolicy->policyLanguage);
BIO_puts(out, "\n");
if (pci->proxyPolicy->policy && pci->proxyPolicy->policy->data)
BIO_printf(out, "%*sPolicy Text: %s\n", indent, "",
BIO_printf(out, "%*sPolicy Text: %.*s\n", indent, "",
pci->proxyPolicy->policy->length,
pci->proxyPolicy->policy->data);
return 1;
}
Expand Down

0 comments on commit 2344695

Please sign in to comment.