From aa6e97f68d6c8d06f531d9b6bb462dc1c0720f77 Mon Sep 17 00:00:00 2001
From: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date: Sun, 25 Nov 2012 14:16:24 +0100
Subject: [PATCH] corrected possible buffer overflow in parser errors.
---
lib/ASN1.c | 6 +++---
lib/ASN1.y | 6 +++---
2 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/lib/ASN1.c b/lib/ASN1.c
index 2a60527..df6fb64 100644
--- a/lib/ASN1.c
+++ b/lib/ASN1.c
@@ -119,7 +119,7 @@ static unsigned int line_number; /* line number describing the
parser position inside the
file */
static char last_error[ASN1_MAX_ERROR_DESCRIPTION_SIZE] = "";
-static char last_error_token[ASN1_MAX_NAME_SIZE+1] = ""; /* used when expected errors occur */
+static char last_error_token[ASN1_MAX_ERROR_DESCRIPTION_SIZE+1] = ""; /* used when expected errors occur */
static char last_token[ASN1_MAX_NAME_SIZE+1] = ""; /* last token find in the file
to parse before the 'parse
error' */
@@ -3283,7 +3283,7 @@ _asn1_yyerror (const char *s)
strcmp (last_token, "TeletexString") == 0 ||
strcmp (last_token, "BMPString") == 0)
{
- snprintf (last_error_token, ASN1_MAX_ERROR_DESCRIPTION_SIZE,
+ snprintf (last_error_token, sizeof(last_error_token),
"%s", last_token);
fprintf(stderr,
"%s:%u: Warning: %s is a built-in ASN.1 type.\n",
@@ -3294,7 +3294,7 @@ _asn1_yyerror (const char *s)
if (result_parse != ASN1_NAME_TOO_LONG)
{
- snprintf (last_error, ASN1_MAX_ERROR_DESCRIPTION_SIZE,
+ snprintf (last_error, sizeof(last_error),
"%s:%u: Error: %s near '%s'", file_name,
line_number, s, last_token);
result_parse = ASN1_SYNTAX_ERROR;
diff --git a/lib/ASN1.y b/lib/ASN1.y
index 874eb13..e0add54 100644
--- a/lib/ASN1.y
+++ b/lib/ASN1.y
@@ -42,7 +42,7 @@ static unsigned int line_number; /* line number describing the
parser position inside the
file */
static char last_error[ASN1_MAX_ERROR_DESCRIPTION_SIZE] = "";
-static char last_error_token[ASN1_MAX_NAME_SIZE+1] = ""; /* used when expected errors occur */
+static char last_error_token[ASN1_MAX_ERROR_DESCRIPTION_SIZE+1] = ""; /* used when expected errors occur */
static char last_token[ASN1_MAX_NAME_SIZE+1] = ""; /* last token find in the file
to parse before the 'parse
error' */
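Review bot: The new size of `last_error_token` is unexplained and inconsistent with its neighbours: the only write visible in this patch copies `last_token`, which is `ASN1_MAX_NAME_SIZE+1` bytes, and `last_error` is declared with `ASN1_MAX_ERROR_DESCRIPTION_SIZE` and no `+1`. The overflow is actually closed by the `sizeof(last_error_token)` bound in `_asn1_yyerror`, so I would record that rule next to the declaration, e.g. `/* every write must be bounded by sizeof(last_error_token), never by a size macro */`. Any other writers of this buffer are outside the hunks shown and should be checked for the same mismatched bound. The matching lib/ASN1.c hunks carry the identical change (that file looks like the generated parser), so the point applies there as well.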
@@ -869,7 +869,7 @@ _asn1_yyerror (const char *s)
strcmp (last_token, "TeletexString") == 0 ||
strcmp (last_token, "BMPString") == 0)
{
- snprintf (last_error_token, ASN1_MAX_ERROR_DESCRIPTION_SIZE,
+ snprintf (last_error_token, sizeof(last_error_token),
"%s", last_token);
fprintf(stderr,
"%s:%u: Warning: %s is a built-in ASN.1 type.\n",
@@ -880,7 +880,7 @@ _asn1_yyerror (const char *s)
if (result_parse != ASN1_NAME_TOO_LONG)
{
- snprintf (last_error, ASN1_MAX_ERROR_DESCRIPTION_SIZE,
+ snprintf (last_error, sizeof(last_error),
"%s:%u: Error: %s near '%s'", file_name,
line_number, s, last_token);
result_parse = ASN1_SYNTAX_ERROR;
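Review bot: The `snprintf` into `last_error` now truncates safely but silently, because its return value is discarded. Since `file_name` comes first in the format, a long path can push `last_token` out of the stored description. I would capture the result and compare it with `sizeof(last_error)` so truncation can be noticed, or at minimum add `/* description may be truncated when file_name is long */` above the call. The body of `_asn1_yyerror` starts and ends outside this hunk, so how `last_error` is later consumed cannot be confirmed from here. The same call appears in the lib/ASN1.c hunk at -3294.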
--
1.7.2.5