Santuario / SANTUARIO-447

XSECCryptoX509::loadX509PEM() can read past unterminated buffer

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: C++ 1.7.3
    • Fix Version/s: C++ 2.0.0
    • Component/s: C++
    • Labels:
      None

      Description

      If XSECCryptoX509::loadX509PEM(buf, len) is called with a nonzero len argument, it makes a zero-terminated copy (b) of the passed buffer, but still calls strstr() on the buf pointer passed to the function, not on b. This lets strstr() read past the memory region designated by the caller.
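
The pattern described in the report, reduced to a stand-alone C sketch that is added here for illustration and is not Santuario's code. The marker string, the function names and the sample buffer are assumptions; the sample keeps extra bytes after the caller's designated region inside the same array so the effect of ignoring len is observable without undefined behaviour.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumption: the marker searched for; the report does not name it. */
static const char MARKER[] = "-----BEGIN CERTIFICATE-----";

/* Make the zero-terminated copy b of buf[0..len) that the report describes. */
static char *terminated_copy(const char *buf, unsigned int len)
{
    char *b = malloc((size_t)len + 1);
    if (b != NULL) {
        memcpy(b, buf, len);
        b[len] = '\0';
    }
    return b;
}

/* Reported pattern: b is created, yet strstr() scans buf until some NUL. */
long find_marker_reported(const char *buf, unsigned int len)
{
    char *b = len ? terminated_copy(buf, len) : NULL;
    const char *hit = strstr(buf, MARKER);      /* len is ignored here */
    free(b);
    return hit ? (long)(hit - buf) : -1;
}

/* Bounded pattern: when len is nonzero, search only the terminated copy. */
long find_marker_bounded(const char *buf, unsigned int len)
{
    char *b = len ? terminated_copy(buf, len) : NULL;
    const char *hay = len ? b : buf;
    const char *hit = hay ? strstr(hay, MARKER) : NULL;
    long off = hit ? (long)(hit - hay) : -1;
    free(b);
    return off;
}

/* Constructed input: the caller designates only the first 8 bytes. */
static const char SAMPLE[] = "8 bytes." "-----BEGIN CERTIFICATE-----\nMIIB...";
#define SAMPLE_LEN 8u

int main(void)
{
    printf("reported: %ld\n", find_marker_reported(SAMPLE, SAMPLE_LEN));
    printf("bounded:  %ld\n", find_marker_bounded(SAMPLE, SAMPLE_LEN));
    return 0;
}
```

A match offset at or beyond len from the first function means bytes outside the caller's region were read; with a buffer that has no terminator nearby, the same scan continues into unrelated memory.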

            People

            • Assignee:
              scantor Scott Cantor
              Reporter:
              wferi Ferenc Wágner