From 620855757d6e231a4a98dc8a3883406d9f6e3e53 Mon Sep 17 00:00:00 2001 From: schwarze Date: Sun, 29 Aug 2021 19:56:40 +0000 Subject: [PATCH] Do not call X509_alias_get0(3) with NULL as the second argument. Even if the buffer is guaranteed to be NUL-terminated in a particular case, it is still setting a bad example. Besides, it is unclear to me whether there is any such guarantee in the case at hand. Checking that would require auditing all of d2i_X509_bio(3), ASN1_item_d2i_bio(&NETSCAPE_X509_it, ...), PEM_read_bio_X509_AUX(3), and PKCS12_parse(3), since no such guarantee is documented for any of these functions, and even then it would remain fragile with respect to later changes of implementation details. In the worst case, this could potentially result in a read buffer overrun. OK tb@ on an earlier version of this patch. While we are here, deraadt@ requested to not use the word "string" in the name of a variable that is not a string in the sense of the C language. --- usr.bin/openssl/x509.c | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/usr.bin/openssl/x509.c b/usr.bin/openssl/x509.c index 9a2fdd9d16d..3102be9ba38 100644 --- a/usr.bin/openssl/x509.c +++ b/usr.bin/openssl/x509.c @@ -1,4 +1,4 @@ -/* $OpenBSD: x509.c,v 1.23 2021/04/07 10:44:03 inoguchi Exp $ */ +/* $OpenBSD: x509.c,v 1.24 2021/08/29 19:56:40 schwarze Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -1016,10 +1016,12 @@ x509_main(int argc, char **argv) sk_OPENSSL_STRING_value(emlst, j)); X509_email_free(emlst); } else if (x509_config.aliasout == i) { - unsigned char *alstr; - alstr = X509_alias_get0(x, NULL); - if (alstr != NULL) - BIO_printf(STDout, "%s\n", alstr); + unsigned char *albuf; + int buflen; + albuf = X509_alias_get0(x, &buflen); + if (albuf != NULL) + BIO_printf(STDout, "%.*s\n", + buflen, albuf); else BIO_puts(STDout, "\n"); } else if (x509_config.subject_hash == i) { -- 2.20.1
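Review bot: In the aliasout branch of x509_main(), the new BIO_printf(STDout, "%.*s\n", buflen, albuf) call bounds the read to buflen bytes, but a %s conversion still stops at the first NUL byte, so an alias containing an embedded NUL is printed truncated with no indication. Since the commit message itself says albuf is not a string in the C sense, consider emitting the bytes with BIO_write(STDout, albuf, buflen) followed by BIO_puts(STDout, "\n"), or add a comment saying that truncation at an embedded NUL is accepted here. A one-line comment on why the length is requested instead of passing NULL would also help keep a later cleanup from reverting to the unbounded "%s" form.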