XSECCryptoX509CRL::loadX509CRLPEM() can read past unterminated buffer

Basics

Technical

Logistics

Basics

Technical

Logistics

Description

If XSECCryptoX509CRL::loadX509CRLPEM(buf, len) is called with a nonzero len argument, it makes a zero-terminated copy (b) of the passed buffer, but still calls strstr() on the buf pointer passed to the function, not on b. This lets strstr() read past the memory region designated by the caller.

Environment

None

Activity

Scott Cantor June 26, 2016 at 7:28 PM

http://git.shibboleth.net/view/?p=cpp-xmltooling.git;a=commit;h=db08101c3854518a59096be95ed6564838381744

Not called in the SP as it turns out so a latent issue.

Resize issue view side panel

Fixed

Details
Assignee
Scott Cantor
Reporter
Ferenc Wágner
Fix versions
1.6.0
Affects versions
1.5.6

Created June 25, 2016 at 8:45 PM

Updated June 29, 2016 at 4:22 PM

Resolved June 26, 2016 at 7:28 PM

XSECCryptoX509CRL::loadX509CRLPEM() can read past unterminated buffer

Description

Environment

Activity

Scott Cantor June 26, 2016 at 7:28 PM

Details
Assignee
Scott Cantor
Reporter
Ferenc Wágner
Fix versions
1.6.0
Affects versions
1.5.6

Details

Assignee

Reporter

Fix versions

Affects versions

Flag notifications

Something's gone wrong

Something's gone wrong

XSECCryptoX509CRL::loadX509CRLPEM() can read past unterminated buffer

Description

Environment

Activity

Scott Cantor June 26, 2016 at 7:28 PM

DetailsAssigneeScott CantorScott CantorReporterFerenc WágnerFerenc WágnerFix versions1.6.0Affects versions1.5.6

Details

Assignee

Reporter

Fix versions

Affects versions

Flag notifications

Something's gone wrong

Something's gone wrong

Details
Assignee
Scott Cantor
Reporter
Ferenc Wágner
Fix versions
1.6.0
Affects versions
1.5.6