Mercurial Mercurial > upstream > oracle > userland-gate / file revision
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | comparison | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
components/libtasn1/patches/libtasn1-01-buffer-overflow.patch
author Mike Sullivan <Mike.Sullivan@Oracle.COM>
Thu, 12 Jan 2017 23:01:10 -0800
changeset 7573 327652931f2a
parent 4723 4193dfeb0e39
permissions -rw-r--r--
Added tag s12-116 for changeset 61e40bdebd78

Source:
Internal

Info:
To take out buffer overflow issue.

Status:
Need to determine if this patch has been sent upstream.

--- a/lib/coding.c
+++ b/lib/coding.c
@@ -253,18 +253,23 @@ static asn1_retCode
 _asn1_objectid_der (unsigned char *str, unsigned char *der, int *der_len)
 {
   int len_len, counter, k, first, max_len;
-  char *temp, *n_end, *n_start;
+  char *temp = NULL, *n_end, *n_start;
   unsigned char bit7;
   unsigned long val, val1 = 0;
+  size_t temp_size = str ? strlen (str) : 0;
+
+  temp_size += 2;
+  if (temp_size < 2)
+    return ASN1_MEM_ALLOC_ERROR;
 
   max_len = *der_len;
 
-  temp = (char *) _asn1_malloc (strlen (str) + 2);
+  temp = (char *) _asn1_malloc (temp_size);
   if (temp == NULL)
     return ASN1_MEM_ALLOC_ERROR;
 
-  strcpy (temp, str);
-  strcat (temp, ".");
+  strncpy (temp, str ? (const char *)str : "", temp_size);
+  strncat (temp, ".", 1);
 
   counter = 0;
   n_start = temp;
upstream/oracle/userland-gate