gnutls: prevent buffer overflow in get_cert_name
The test suite for ocserv calls openconnect with a certificate that has a name that is 84 bytes in length. The buffer passed to get_cert_name is currently 80 bytes.

The gnutls_x509_crt_get_dn_by_oid function will update the buffer size parameter if the buffer is too small.

http://man7.org/linux/man-pages/man3/gnutls_x509_crt_get_dn_by_oid.3.html

RETURNS
GNUTLS_E_SHORT_MEMORY_BUFFER if the provided buffer is not long enough, and in that case the buf_size will be updated with the required size. GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE if there are no data in the current index. On success 0 is returned.

Use a temporary variable to avoid clobbering the namelen variable that is passed to get_cert_name.

Bug: https://bugs.gentoo.org/721570
Signed-off-by: Sergei Trofimovich <slyfox@gentoo.org>
Signed-off-by: Mike Gilbert <floppym@gentoo.org>
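The pattern the commit message describes, as an added example that is not openconnect's or GnuTLS's code: `fake_get_dn` is a hypothetical stand-in that models only the quoted short-buffer rule, and the error value, fallback string and input name are constructed. It compares the write bound a caller is left with when the capacity parameter is passed as the in/out size against the bound when a temporary is passed instead.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#define E_SHORT_BUFFER (-1) /* constructed value, not the GnuTLS constant */

/* Hypothetical stand-in that models only the documented short-buffer rule:
 * on failure *buf_size is overwritten with the size that would be needed. */
static int fake_get_dn(const char *dn, char *buf, size_t *buf_size)
{
    size_t need = strlen(dn) + 1;
    if (*buf_size < need) {
        *buf_size = need;
        return E_SHORT_BUFFER;
    }
    memcpy(buf, dn, need);
    *buf_size = need - 1; /* success path simplified */
    return 0;
}

/* Before: the capacity parameter doubles as the in/out size. */
static size_t bound_clobbered(const char *dn, char *name, size_t namelen)
{
    (void)fake_get_dn(dn, name, &namelen);
    return namelen; /* any later write bounded by this can pass the buffer end */
}

/* After: a temporary absorbs the update, namelen stays the real capacity. */
static size_t bound_safe(const char *dn, char *name, size_t namelen)
{
    size_t tmp = namelen;
    if (fake_get_dn(dn, name, &tmp) != 0)
        snprintf(name, namelen, "<unknown>"); /* constructed fallback text */
    return namelen;
}

/* Constructed input: a name needing 84 bytes, looked up into 80 bytes. */
static size_t demo(int use_temporary)
{
    char dn[84], name[80] = "";
    memset(dn, 'A', sizeof(dn) - 1);
    dn[sizeof(dn) - 1] = '\0';
    return use_temporary ? bound_safe(dn, name, sizeof(name))
                         : bound_clobbered(dn, name, sizeof(name));
}

int main(void)
{
    printf("clobbered bound: %zu, preserved bound: %zu\n", demo(0), demo(1));
    return 0;
}
```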