artulab.com Git - openbsd/commit

author	guenther <guenther@openbsd.org>
	Fri, 8 Aug 2014 04:53:43 +0000 (04:53 +0000)
committer	guenther <guenther@openbsd.org>
	Fri, 8 Aug 2014 04:53:43 +0000 (04:53 +0000)
commit	fca39bf77338b32d5264edaa28a2d4ffd38b333f
tree	2e7a8bd2b664b81cd6b3f66ef5d22a83c2cbb694	tree \| snapshot
parent	6cc737cbde792bdfb612a6508b9e820d153c98a3	commit \| diff

Fix CVE-2014-3508, pretty printing and OID validation:
- make sure the output buffer is always NUL terminated if buf_len
was initially greater than zero.
- reject OIDs that are too long, too short, or not in proper base-127

Based on
https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=0042fb5fd1c9d257d713b15a1f45da05cf5c1c87

ok bcook@

lib/libcrypto/asn1/a_object.c		diff \| blob \| history
lib/libcrypto/objects/obj_dat.c		diff \| blob \| history
lib/libssl/src/crypto/asn1/a_object.c		diff \| blob \| history
lib/libssl/src/crypto/objects/obj_dat.c		diff \| blob \| history

OpenBSD src

RSS Atom

by Ahmet Artu Yildirim