Posted to commits@santuario.apache.org by "Scott Cantor (JIRA)" <ji...@apache.org> on 2017/09/01 23:23:00 UTC
[jira] [Updated] (SANTUARIO-447) XSECCryptoX509::loadX509PEM() can read past unterminated buffer
[ https://issues.apache.org/jira/browse/SANTUARIO-447?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Scott Cantor updated SANTUARIO-447:
-----------------------------------
Fix Version/s: C++ 2.0.0 (was: C++ 1.7.4)
> XSECCryptoX509::loadX509PEM() can read past unterminated buffer
> ---------------------------------------------------------------
>
> Key: SANTUARIO-447
> URL: https://issues.apache.org/jira/browse/SANTUARIO-447
> Project: Santuario
> Issue Type: Bug
> Components: C++
> Affects Versions: C++ 1.7.3
> Reporter: Ferenc Wágner
> Assignee: Scott Cantor
> Fix For: C++ 2.0.0
>
>
> If {{XSECCryptoX509::loadX509PEM(buf, len)}} is called with a nonzero {{len}} argument, it makes a zero-terminated copy ({{b}}) of the passed buffer, but still calls {{strstr()}} on the {{buf}} pointer passed to the function, not on {{b}}. This lets {{strstr()}} read past the memory region designated by the caller.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
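
The pattern the report describes, as an added C illustration that is not Santuario's code: the function names, the PEM marker string and the sample buffer are assumptions constructed here. The sample keeps a terminator after the marker so the read past len stays inside one array and can be observed without undefined behaviour.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumed search string; the report does not say what strstr() looks for. */
#define PEM_MARKER "-----BEGIN CERTIFICATE-----"

/* Constructed sample: 16 bytes handed to the parser, then unrelated memory
 * that holds a marker. The array's own NUL keeps the demo well defined. */
#define CALLER_LEN 16
static const char sample[] = "caller-data-here" PEM_MARKER "\n";

/* Reported pattern: b is a terminated copy, but strstr() still scans buf.
 * Returns the marker's offset from the start of the input, or -1. */
long find_marker_reported(const char *buf, size_t len)
{
    char *b = malloc(len + 1);
    if (b == NULL)
        return -1;
    memcpy(b, buf, len);
    b[len] = '\0';
    const char *p = strstr(buf, PEM_MARKER);  /* ignores len */
    long off = p ? (long)(p - buf) : -1;
    free(b);
    return off;
}

/* Bounded form: search the copy, so nothing past len bytes is ever read. */
long find_marker_bounded(const char *buf, size_t len)
{
    char *b = malloc(len + 1);
    if (b == NULL)
        return -1;
    memcpy(b, buf, len);
    b[len] = '\0';
    const char *p = strstr(b, PEM_MARKER);
    long off = p ? (long)(p - b) : -1;
    free(b);
    return off;
}

int main(void)
{
    /* An offset >= CALLER_LEN means the match came from outside the region. */
    printf("reported: %ld\n", find_marker_reported(sample, CALLER_LEN));
    printf("bounded:  %ld\n", find_marker_bounded(sample, CALLER_LEN));
    return 0;
}
```

With a caller buffer that has no terminator at all, the first form keeps scanning until it happens to hit a zero byte or faults, which is the over-read the issue title names.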