[SANTUARIO-591] Invalid read, possible buffer overflow - ASF JIRA

Voters

Watch issue

Watchers

Link

Clone

Update Comment Author

Replace String in Comment

Update Comment Visibility

Delete Comments

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: C++ 2.0.0, C++ 2.0.1, C++ 2.0.2, C++ 2.0.3
Fix Version/s: C++ 2.0.4
Component/s: C++
Labels:
None

Description

In function: OpenSSLCryptoX509::loadX509Base64Bin of xsec/enc/OpenSSL/OpenSSLCryptoX509.cpp around line 166:

m_DERX509.sbStrcpyIn(buf);

This buf variable is the parameter of the function:

void OpenSSLCryptoX509::loadX509Base64Bin(const char * buf, unsigned int len) {
...

Since the length is not provided, sbStrcpyIn calls strlen in buf which tries to find a null character, but the signature of the function (loadX509Base64Bin) takes the length as well, which suggest that the caller shouldn't need to provide a null terminated string.

A possible fix is to call sbStrncpyIn(buf, len) but it is not clear to me when m_DERX509 is used (if it is). Maybe removing this call is enough...

Attachments

Activity

Comment

This comment will be Viewable by All Users Viewable by All Users

Cancel

People

Assignee:: Scott Cantor

Reporter:: Manuel Arguelles

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 03/Aug/22 22:20

Updated:: 05/Oct/22 13:20

Resolved:: 04/Aug/22 13:28

Agile

View on Board

Invalid read, possible buffer overflow