Fix GENERAL_NAME_print to not assume NUL terminated strings

ASN.1 strings may not be NUL terminated. Don't assume they are. CVE-2021-3712 Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: David Benjamin <davidben@google.com>
author: Matt Caswell <matt@openssl.org> 2021-08-18 13:34:55 +0200
committer: Matt Caswell <matt@openssl.org> 2021-08-24 15:22:06 +0200
commit: b2b3b9c9936b91315adc0f3254879cb2fd5ca2bd (patch)
tree: 1cd852641ff7d7ce5c8cbe7de68bc06aaa59fc5e /crypto/x509
parent: Fix POLICYINFO printing to not assume NUL terminated strings (diff)
download: openssl-b2b3b9c9936b91315adc0f3254879cb2fd5ca2bd.tar.xz
openssl-b2b3b9c9936b91315adc0f3254879cb2fd5ca2bd.zip
1 files changed, 10 insertions, 5 deletions
diff --git a/crypto/x509/v3_san.c b/crypto/x509/v3_san.c
index 22cef05370..26708aefae 100644
--- a/crypto/x509/v3_san.c
+++ b/crypto/x509/v3_san.c
@@ -223,23 +223,28 @@ int GENERAL_NAME_print(BIO *out, GENERAL_NAME *gen)
 
         switch (nid) {
         case NID_id_on_SmtpUTF8Mailbox:
-            BIO_printf(out, "othername:SmtpUTF8Mailbox:%s",
+            BIO_printf(out, "othername:SmtpUTF8Mailbox:%.*s",
+                       gen->d.otherName->value->value.utf8string->length,
                        gen->d.otherName->value->value.utf8string->data);
             break;
         case NID_XmppAddr:
-            BIO_printf(out, "othername:XmppAddr:%s",
+            BIO_printf(out, "othername:XmppAddr:%.*s",
+                       gen->d.otherName->value->value.utf8string->length,
                        gen->d.otherName->value->value.utf8string->data);
             break;
         case NID_SRVName:
-            BIO_printf(out, "othername:SRVName:%s",
+            BIO_printf(out, "othername:SRVName:%.*s",
+                       gen->d.otherName->value->value.ia5string->length,
                        gen->d.otherName->value->value.ia5string->data);
             break;
         case NID_ms_upn:
-            BIO_printf(out, "othername:UPN:%s",
+            BIO_printf(out, "othername:UPN:%.*s",
+                       gen->d.otherName->value->value.utf8string->length,
                        gen->d.otherName->value->value.utf8string->data);
             break;
         case NID_NAIRealm:
-            BIO_printf(out, "othername:NAIRealm:%s",
+            BIO_printf(out, "othername:NAIRealm:%.*s",
+                       gen->d.otherName->value->value.utf8string->length,
                        gen->d.otherName->value->value.utf8string->data);
             break;
         default:
author	Matt Caswell <matt@openssl.org>	2021-08-18 13:34:55 +0200
committer	Matt Caswell <matt@openssl.org>	2021-08-24 15:22:06 +0200
commit	b2b3b9c9936b91315adc0f3254879cb2fd5ca2bd (patch)
tree	1cd852641ff7d7ce5c8cbe7de68bc06aaa59fc5e /crypto/x509
parent	Fix POLICYINFO printing to not assume NUL terminated strings (diff)
download	openssl-b2b3b9c9936b91315adc0f3254879cb2fd5ca2bd.tar.xz openssl-b2b3b9c9936b91315adc0f3254879cb2fd5ca2bd.zip