OpenBSD CVS

CVS log for src/usr.bin/openssl/x509.c




Default branch: MAIN
Current tag: OPENBSD_7_0_BASE


Revision 1.24, Sun Aug 29 19:56:40 2021 UTC, by schwarze
Branch: MAIN
CVS Tags: OPENBSD_7_0_BASE, OPENBSD_7_0
Changes since 1.23: +7 -5 lines

Do not call X509_alias_get0(3) with NULL as the second argument.
Even if the buffer is guaranteed to be NUL-terminated in a particular
case, it is still setting a bad example.  Besides, it is unclear
to me whether there is any such guarantee in the case at hand.
Checking that would require auditing all of d2i_X509_bio(3),
ASN1_item_d2i_bio(&NETSCAPE_X509_it, ...), PEM_read_bio_X509_AUX(3),
and PKCS12_parse(3), since no such guarantee is documented for any
of these functions, and even then it would remain fragile with
respect to later changes of implementation details.

In the worst case, this could potentially result in a read buffer
overrun.

OK tb@ on an earlier version of this patch.

While we are here, deraadt@ requested to not use the word "string" in the
name of a variable that is not a string in the sense of the C language.
