You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@santuario.apache.org by sc...@apache.org on 2022/08/04 13:26:21 UTC

svn commit: r1903226 - /santuario/xml-security-cpp/trunk/xsec/enc/OpenSSL/OpenSSLCryptoX509.cpp

Author: scantor
Date: Thu Aug  4 13:26:20 2022
New Revision: 1903226

URL: http://svn.apache.org/viewvc?rev=1903226&view=rev
Log:
SANTUARIO-591 - Invalid read, possible buffer overflow

https://issues.apache.org/jira/browse/SANTUARIO-591

Modified:
    santuario/xml-security-cpp/trunk/xsec/enc/OpenSSL/OpenSSLCryptoX509.cpp

Modified: santuario/xml-security-cpp/trunk/xsec/enc/OpenSSL/OpenSSLCryptoX509.cpp
URL: http://svn.apache.org/viewvc/santuario/xml-security-cpp/trunk/xsec/enc/OpenSSL/OpenSSLCryptoX509.cpp?rev=1903226&r1=1903225&r2=1903226&view=diff
==============================================================================
--- santuario/xml-security-cpp/trunk/xsec/enc/OpenSSL/OpenSSLCryptoX509.cpp (original)
+++ santuario/xml-security-cpp/trunk/xsec/enc/OpenSSL/OpenSSLCryptoX509.cpp Thu Aug  4 13:26:20 2022
@@ -163,8 +163,8 @@ void OpenSSLCryptoX509::loadX509Base64Bi
 
     }
 
-    m_DERX509.sbStrcpyIn(buf);
-
+    m_DERX509.sbMemcpyIn(buf, len);
+    m_DERX509[len] = '\0';
 }
 
 // Info functions