From fc77590c4ef4283baae395f63b29793fb3c9f74d Mon Sep 17 00:00:00 2001
From: kaleb-himes
Date: Fri, 21 Sep 2018 17:02:56 -0600
Subject: [PATCH 1/2] Address a potential out of bounds write
---
 src/ssl.c | 4 ++--
 wolfssl/wolfcrypt/asn.h | 1 +
 2 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/src/ssl.c b/src/ssl.c
index b31d21903..c253b50dc 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -19018,7 +19018,7 @@ WOLFSSL_ASN1_TIME* wolfSSL_ASN1_TIME_adj(WOLFSSL_ASN1_TIME *s, time_t t,
 XMEMCPY(data_ptr,(byte *)utc_str, ASN_UTC_TIME_SIZE);
 /* GeneralizedTime */ } else {
- char gt_str[ASN_GENERALIZED_TIME_SIZE];
+ char gt_str[ASN_GENERALIZED_TIME_LONG];
 int gt_year,gt_mon,gt_day,gt_hour,gt_min,gt_sec;
 byte *data_ptr = NULL;
@@ -19028,7 +19028,7 @@ WOLFSSL_ASN1_TIME* wolfSSL_ASN1_TIME_adj(WOLFSSL_ASN1_TIME *s, time_t t,
 gt_hour = ts->tm_hour;
 gt_min = ts->tm_min;
 gt_sec = ts->tm_sec;
- XSNPRINTF((char *)gt_str, ASN_GENERALIZED_TIME_SIZE,
+ XSNPRINTF((char *)gt_str, ASN_GENERALIZED_TIME_LONG,
 "%4d%02d%02d%02d%02d%02dZ", gt_year, gt_mon, gt_day, gt_hour, gt_min,gt_sec);
 data_ptr = s->data;
diff --git a/wolfssl/wolfcrypt/asn.h b/wolfssl/wolfcrypt/asn.h
index 9782ab527..c851dd4f2 100644
--- a/wolfssl/wolfcrypt/asn.h
+++ b/wolfssl/wolfcrypt/asn.h
@@ -104,6 +104,7 @@ enum ASN_Tags {
 #define ASN_UTC_TIME_SIZE 14
 #define ASN_GENERALIZED_TIME_SIZE 16
+#define ASN_GENERALIZED_TIME_LONG 68
 enum DN_Tags {
 ASN_COMMON_NAME = 0x03, /* CN */
From 29d60ec7e916647c586bf85e4a249baf663d95af Mon Sep 17 00:00:00 2001
From: kaleb-himes
Date: Fri, 21 Sep 2018 17:09:37 -0600
Subject: [PATCH 2/2] Changed to MAX over LONG based on peer review
---
 src/ssl.c | 4 ++--
 wolfssl/wolfcrypt/asn.h | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/src/ssl.c b/src/ssl.c
index c253b50dc..d48363a64 100644
--- a/src/ssl.c
+++ b/src/ssl.c
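Review bot: The result of `XSNPRINTF` in the second `src/ssl.c` hunk of PATCH 1/2 is still discarded, so nothing checks that the formatted time is the 15 characters that a GeneralizedTime of `ASN_GENERALIZED_TIME_SIZE` (16) expects. With the scratch buffer now 68 bytes, a `tm_year` past 9999 or an out-of-range field is written in full instead of being cut at 16, and the copy into `s->data` that presumably follows `data_ptr = s->data;` lies outside the hunk, so it cannot be seen here whether it would take only a prefix. I would compare the returned length and refuse anything else, e.g. `if (XSNPRINTF((char *)gt_str, sizeof(gt_str), /* same format and arguments */) != ASN_GENERALIZED_TIME_SIZE - 1) return NULL;`, with whatever cleanup the function needs; `sizeof(gt_str)` also keeps the bound tied to the declaration. The function starts and ends outside the hunk, and the same call appears with `ASN_GENERALIZED_TIME_MAX` in PATCH 2/2.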
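Review bot: `#define ASN_GENERALIZED_TIME_LONG 68` in the `wolfssl/wolfcrypt/asn.h` hunk is added without a comment, and next to `ASN_GENERALIZED_TIME_SIZE 16` nothing tells a reader that one is an encoded length and the other a scratch-buffer bound. 68 equals the worst case of the format string used in `wolfSSL_ASN1_TIME_adj` (six `int` fields at up to 11 characters each, `Z`, and the terminator, assuming a 32-bit `int`), which looks like the intent. I would put `/* worst-case snprintf output for "%4d%02d%02d%02d%02d%02dZ" incl. NUL; buffer size only, not an encoded length */` above it, so the constant is not later used as a copy length into `s->data`. The same applies to the renamed `ASN_GENERALIZED_TIME_MAX` in PATCH 2/2.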
@@ -19018,7 +19018,7 @@ WOLFSSL_ASN1_TIME* wolfSSL_ASN1_TIME_adj(WOLFSSL_ASN1_TIME *s, time_t t,
 XMEMCPY(data_ptr,(byte *)utc_str, ASN_UTC_TIME_SIZE);
 /* GeneralizedTime */ } else {
- char gt_str[ASN_GENERALIZED_TIME_LONG];
+ char gt_str[ASN_GENERALIZED_TIME_MAX];
 int gt_year,gt_mon,gt_day,gt_hour,gt_min,gt_sec;
 byte *data_ptr = NULL;
@@ -19028,7 +19028,7 @@ WOLFSSL_ASN1_TIME* wolfSSL_ASN1_TIME_adj(WOLFSSL_ASN1_TIME *s, time_t t,
 gt_hour = ts->tm_hour;
 gt_min = ts->tm_min;
 gt_sec = ts->tm_sec;
- XSNPRINTF((char *)gt_str, ASN_GENERALIZED_TIME_LONG,
+ XSNPRINTF((char *)gt_str, ASN_GENERALIZED_TIME_MAX,
 "%4d%02d%02d%02d%02d%02dZ", gt_year, gt_mon, gt_day, gt_hour, gt_min,gt_sec);
 data_ptr = s->data;
diff --git a/wolfssl/wolfcrypt/asn.h b/wolfssl/wolfcrypt/asn.h
index c851dd4f2..df0c2d6b4 100644
--- a/wolfssl/wolfcrypt/asn.h
+++ b/wolfssl/wolfcrypt/asn.h
@@ -104,7 +104,7 @@ enum ASN_Tags {
 #define ASN_UTC_TIME_SIZE 14
 #define ASN_GENERALIZED_TIME_SIZE 16
-#define ASN_GENERALIZED_TIME_LONG 68
+#define ASN_GENERALIZED_TIME_MAX 68
 enum DN_Tags {
 ASN_COMMON_NAME = 0x03, /* CN */