Uploaded image for project: 'Santuario'
  1. Santuario
  2. SANTUARIO-591

Invalid read, possible buffer overflow

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • C++ 2.0.0, C++ 2.0.1, C++ 2.0.2, C++ 2.0.3
    • C++ 2.0.4
    • C++
    • None

    Description

      In function: OpenSSLCryptoX509::loadX509Base64Bin of xsec/enc/OpenSSL/OpenSSLCryptoX509.cpp around line 166:

       

      m_DERX509.sbStrcpyIn(buf); 

       

      This buf variable is the parameter of the function:

      void OpenSSLCryptoX509::loadX509Base64Bin(const char * buf, unsigned int len) {
      ... 

      Since the length is not provided, sbStrcpyIn calls strlen in buf which tries to find a null character, but the signature of the function (loadX509Base64Bin) takes the length as well, which suggest that the caller shouldn't need to provide a null terminated string.

       

      A possible fix is to call sbStrncpyIn(buf, len) but it is not clear to me when m_DERX509 is used (if it is). Maybe removing this call is enough...

      Attachments

        Activity

          People

            scantor Scott Cantor
            pakcjo Manuel Arguelles
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: