From fdf93b5cf63676f2247b8999ee12773bd897ee00 Mon Sep 17 00:00:00 2001 From: jsing Date: Sun, 31 Oct 2021 06:48:54 +0000 Subject: [PATCH] Add explicit CBS_contains_zero_byte() check in CBS_strdup(). If the CBS data contains a zero byte, then CBS_strdup() is only going to return part of the data - add an explicit CBS_contains_zero_byte() and treat such data as an error case. ok tb@ --- lib/libssl/bs_cbs.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/lib/libssl/bs_cbs.c b/lib/libssl/bs_cbs.c index 8d55871592f..ab76b789272 100644 --- a/lib/libssl/bs_cbs.c +++ b/lib/libssl/bs_cbs.c @@ -1,4 +1,4 @@ -/* $OpenBSD: bs_cbs.c,v 1.20 2021/05/16 10:58:27 jsing Exp $ */ +/* $OpenBSD: bs_cbs.c,v 1.21 2021/10/31 06:48:54 jsing Exp $ */ /* * Copyright (c) 2014, Google Inc. * @@ -95,6 +95,11 @@ int CBS_strdup(const CBS *cbs, char **out_ptr) { free(*out_ptr); + *out_ptr = NULL; + + if (CBS_contains_zero_byte(cbs)) + return 0; + *out_ptr = strndup((const char *)cbs->data, cbs->len); return (*out_ptr != NULL); } -- 2.20.1