Fix of buffer overflow in GenerateDNSEntryRIDString()
@ -12988,7 +12988,6 @@ static int GenerateDNSEntryRIDString(DNS_entry* entry, void* heap)
|
|||||||
{
|
{
|
||||||
int i, j, ret = 0;
|
int i, j, ret = 0;
|
||||||
int nameSz = 0;
|
int nameSz = 0;
|
||||||
int numerical = 0;
|
|
||||||
int nid = 0;
|
int nid = 0;
|
||||||
int tmpSize = MAX_OID_SZ;
|
int tmpSize = MAX_OID_SZ;
|
||||||
word32 oid = 0;
|
word32 oid = 0;
|
||||||
@ -13019,18 +13018,23 @@ static int GenerateDNSEntryRIDString(DNS_entry* entry, void* heap)
|
|||||||
ret = DecodeObjectId((const byte*)(entry->name),(word32)entry->len,
|
ret = DecodeObjectId((const byte*)(entry->name),(word32)entry->len,
|
||||||
tmpName, (word32*)&tmpSize);
|
tmpName, (word32*)&tmpSize);
|
||||||
|
|
||||||
numerical = 1;
|
|
||||||
if (ret == 0) {
|
if (ret == 0) {
|
||||||
j = 0;
|
j = 0;
|
||||||
/* Append each number of dotted form. */
|
/* Append each number of dotted form. */
|
||||||
for (i = 0; i < tmpSize; i++) {
|
for (i = 0; i < tmpSize; i++) {
|
||||||
ret = XSNPRINTF(oidName + j, MAX_OID_SZ, "%d", tmpName[i]);
|
if (j > MAX_OID_SZ) {
|
||||||
|
return BUFFER_E;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (i < tmpSize - 1) {
|
||||||
|
ret = XSNPRINTF(oidName + j, MAX_OID_SZ - j, "%d.", tmpName[i]);
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
ret = XSNPRINTF(oidName + j, MAX_OID_SZ - j, "%d", tmpName[i]);
|
||||||
|
}
|
||||||
|
|
||||||
if (ret >= 0) {
|
if (ret >= 0) {
|
||||||
j += ret;
|
j += ret;
|
||||||
if (i < tmpSize - 1) {
|
|
||||||
oidName[j] = '.';
|
|
||||||
j++;
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
return BUFFER_E;
|
return BUFFER_E;
|
||||||
@ -13044,18 +13048,15 @@ static int GenerateDNSEntryRIDString(DNS_entry* entry, void* heap)
|
|||||||
if (ret == 0) {
|
if (ret == 0) {
|
||||||
nameSz = (int)XSTRLEN((const char*)finalName);
|
nameSz = (int)XSTRLEN((const char*)finalName);
|
||||||
|
|
||||||
entry->ridString = (char*)XMALLOC(nameSz + numerical, heap,
|
entry->ridString = (char*)XMALLOC(nameSz + 1, heap,
|
||||||
DYNAMIC_TYPE_ALTNAME);
|
DYNAMIC_TYPE_ALTNAME);
|
||||||
|
|
||||||
if (entry->ridString == NULL) {
|
if (entry->ridString == NULL) {
|
||||||
ret = MEMORY_E;
|
ret = MEMORY_E;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (ret == 0) {
|
if (ret == 0) {
|
||||||
XMEMCPY(entry->ridString, finalName, nameSz);
|
XMEMCPY(entry->ridString, finalName, nameSz + 1);
|
||||||
if (numerical) {
|
|
||||||
entry->ridString[nameSz] = '\0';
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
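Review bot: In the dotted-form loop, truncation by XSNPRINTF is not rejected where it happens: the return value is the length that would have been written, so `ret >= 0` still holds when the output was cut short, and `j` only trips the `j > MAX_OID_SZ` guard on the following pass. If the truncation occurs on the last arc there is no following pass, and a shortened OID string is carried forward as if it were complete. Checking right after the call, `if (ret < 0 || ret >= MAX_OID_SZ - j) return BUFFER_E;`, closes that case and also makes the top-of-loop guard unnecessary (as written it lets `j == MAX_OID_SZ` through, which results in a zero-size call). This assumes `oidName` holds MAX_OID_SZ bytes; its declaration and the rest of the function are outside the hunks shown.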