Posted to commits@santuario.apache.org by "Scott Cantor (JIRA)" <ji...@apache.org> on 2017/09/01 23:23:00 UTC

[jira] [Updated] (SANTUARIO-447) XSECCryptoX509::loadX509PEM() can read past unterminated buffer

     [ https://issues.apache.org/jira/browse/SANTUARIO-447?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Scott Cantor updated SANTUARIO-447:
-----------------------------------
    Fix Version/s:     (was: C++ 1.7.4)
                   C++ 2.0.0

> XSECCryptoX509::loadX509PEM() can read past unterminated buffer
> ---------------------------------------------------------------
>
>                 Key: SANTUARIO-447
>                 URL: https://issues.apache.org/jira/browse/SANTUARIO-447
>             Project: Santuario
>          Issue Type: Bug
>          Components: C++
>    Affects Versions: C++ 1.7.3
>            Reporter: Ferenc Wágner
>            Assignee: Scott Cantor
>             Fix For: C++ 2.0.0
>
>
> If {{XSECCryptoX509::loadX509PEM(buf, len)}} is called with a nonzero {{len}} argument, it makes a zero-terminated copy ({{b}}) of the passed buffer, but still calls {{strstr()}} on the {{buf}} pointer passed to the function, not on {{b}}. This lets {{strstr()}} read past the memory region designated by the caller.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
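
Added example, not Santuario code: a minimal C++ rendering of the pattern the report describes, next to the bounded form. The function names, the search marker and the sample buffer are assumptions constructed for illustration; the sample keeps a terminator inside the same array so the read beyond len is observable without leaving the array.

```cpp
#include <cstddef>
#include <cstdio>
#include <cstring>
#include <string>

// Hypothetical marker: the report does not say what strstr() looks for.
static const char kMarker[] = "-----BEGIN CERTIFICATE-----";

// Pattern from the report: a terminated copy `b` is made, but the search
// still runs on the caller's pointer. The scan is then bounded by the first
// NUL byte that follows `buf` in memory, not by `len`.
bool find_marker_flawed(const char* buf, std::size_t len) {
    std::string b(buf, len);   // terminated copy, never consulted
    (void)b;
    return std::strstr(buf, kMarker) != nullptr;
}

// Bounded form: only the terminated copy is searched, so nothing beyond
// the caller's `len` bytes can influence the result.
bool find_marker_bounded(const char* buf, std::size_t len) {
    std::string b(buf, len);
    return std::strstr(b.c_str(), kMarker) != nullptr;
}

// Constructed sample: the caller owns only the first 10 bytes ("not-a-cert").
// The bytes after them stand in for whatever lies next to the buffer.
static const char kRegion[] =
    "not-a-cert\n-----BEGIN CERTIFICATE-----\nMIIB\n";
static const std::size_t kCallerLen = 10;

int main() {
    std::printf("flawed : %d\n", find_marker_flawed(kRegion, kCallerLen));
    std::printf("bounded: %d\n", find_marker_bounded(kRegion, kCallerLen));
    return 0;
}
```

With a buffer that has no terminator anywhere after it, the flawed form has undefined behaviour instead of a wrong answer, which is why tools such as AddressSanitizer are the practical way to catch it in tests.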