diff options
| author |   jsing <jsing@openbsd.org> | 2017-09-25 18:02:27 +0000 |
|---|---|---|
| committer | jsing <jsing@openbsd.org> | 2017-09-25 18:02:27 +0000 |
| commit | 177afba26635a4a32ad9e4010782c00755fd899e (patch) | |
| tree | 2abd2d513347776fb8ce51510a54b8baf3734c82 /lib/libssl/s3_lib.c | |
| parent | When building the OCSP extension, only add the length prefixed extensions (diff) | |
| download | wireguard-openbsd-177afba26635a4a32ad9e4010782c00755fd899e.tar.xz wireguard-openbsd-177afba26635a4a32ad9e4010782c00755fd899e.zip | |
Fix various issues in the OCSP extension parsing code:
- When parsing the OCSP extension we can have multiple responder IDs - pull
these out correctly.
- Stop using CBS_stow() - it's unnecessary since we just need access to the
data and length (which we can get via CBS_data() and CBS_len()).
- Use a temporary pointer when calling d2i_*() functions, since it will
increment the pointer by the number of bytes it consumed when decoding.
The original code incorrectly passes the pointer allocated via CBS_stow()
(using malloc()) to a d2i_*() function and then calls free() on the now
incremented pointer, most likely resulting in a crash. This issue was
reported by Robert Swiecki who found the issue using honggfuzz.
ok beck@
Diffstat (limited to 'lib/libssl/s3_lib.c')
0 files changed, 0 insertions, 0 deletions