Add a length check before NUL-terminating target. From Jonas Termansen.

author tb <tb@openbsd.org>

Sat, 23 Oct 2021 08:13:48 +0000 (08:13 +0000)

committer tb <tb@openbsd.org>

Sat, 23 Oct 2021 08:13:48 +0000 (08:13 +0000)
author tb <tb@openbsd.org>
Sat, 23 Oct 2021 08:13:48 +0000 (08:13 +0000)
committer tb <tb@openbsd.org>
Sat, 23 Oct 2021 08:13:48 +0000 (08:13 +0000)
diff --git a/usr.bin/openssl/certhash.c b/usr.bin/openssl/certhash.c

index 31c4899..a4417a2 100644 (file)
--- a/usr.bin/openssl/certhash.c
+++ b/usr.bin/openssl/certhash.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: certhash.c,v 1.18 2021/08/28 08:16:39 tb Exp $ */
+/*     $OpenBSD: certhash.c,v 1.19 2021/10/23 08:13:48 tb Exp $ */
  /*
   * Copyright (c) 2014, 2015 Joel Sing <jsing@openbsd.org>
   *
@@ -490,6 +490,10 @@ certhash_link(struct dirent *dep, struct hashinfo **links)
                 fprintf(stderr, "failed to readlink %s\n", dep->d_name);
                 return (-1);
         }
+       if (n >= sizeof(target) - 1) {
+               fprintf(stderr, "symbolic link is too long %s\n", dep->d_name);
+               return (-1);
+       }
         target[n] = '\0';
  
         hi = hashinfo_from_linkname(dep->d_name, target);
author	tb <tb@openbsd.org>
	Sat, 23 Oct 2021 08:13:48 +0000 (08:13 +0000)
committer	tb <tb@openbsd.org>
	Sat, 23 Oct 2021 08:13:48 +0000 (08:13 +0000)