[SANTUARIO-447] XSECCryptoX509::loadX509PEM() can read past unterminated buffer - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: C++ 1.7.3
Fix Version/s: C++ 2.0.0
Component/s: C++
Labels:
None

Description

If XSECCryptoX509::loadX509PEM(buf, len) is called with a nonzero len argument, it makes a zero-terminated copy (b) of the passed buffer, but still calls strstr() on the buf pointer passed to the function, not on b. This lets strstr() read past the memory region designated by the caller.

Attachments

Activity

People

Assignee:: Scott Cantor

Reporter:: Ferenc Wágner

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 25/Jun/16 20:44

Updated:: 27/Jun/18 15:28

Resolved:: 01/Sep/17 23:25