wbrawner/openssl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
openssl/crypto/bio/b_print.c

931 lines
26 KiB
C
Raw Normal View History

Run util/openssl-format-source -v -c . Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 03:40:55 +00:00
/*
This has been added to avoid the situation where some host ctype.h functions return true for characters > 127. I.e. they are allowing extended ASCII characters through which then cause problems. E.g. marking superscript '2' as a number then causes the common (ch - '0') conversion to number to fail miserably. Likewise letters with diacritical marks can also cause problems. If a non-ASCII character set is being used (currently only EBCDIC), it is adjusted for. The implementation uses a single table with a bit for each of the defined classes. These functions accept an int argument and fail for values out of range or for characters outside of the ASCII set. They will work for both signed and unsigned character inputs. Reviewed-by: Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4102)
2017-08-20 21:19:17 +00:00
* Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
Copyright consolidation 09/10 Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-05-17 18:52:22 +00:00
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
Import of old SSLeay release: SSLeay 0.8.1b
1998-12-21 10:52:47 +00:00
*/
#include <stdio.h>
different snprintf version.
2000-02-25 14:00:24 +00:00
#include <string.h>
Resolve warnings in VC-WIN32 build, which allows to add /WX. It's argued that /WX allows to keep better focus on new code, which motivates its comeback... Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4721)
2017-11-11 21:23:12 +00:00
#include "internal/cryptlib.h"
This has been added to avoid the situation where some host ctype.h functions return true for characters > 127. I.e. they are allowing extended ASCII characters through which then cause problems. E.g. marking superscript '2' as a number then causes the common (ch - '0') conversion to number to fail miserably. Likewise letters with diacritical marks can also cause problems. If a non-ASCII character set is being used (currently only EBCDIC), it is adjusted for. The implementation uses a single table with a bit for each of the defined classes. These functions accept an int argument and fail for values out of range or for characters outside of the ASCII set. They will work for both signed and unsigned character inputs. Reviewed-by: Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4102)
2017-08-20 21:19:17 +00:00
#include "internal/ctype.h"
Fix fmtstr for BIO_printf() et al - If we have a maximum amount of characters permitted to be printed (for example "%.2s", which allows for a maximum of 2 chars), we minimize the number of characters from the string to printed to that size. - If there is space for padding and there is a maximum amount of characters to print (for example "%3.2s", which shall give at least a 1 space padding), the amount of characters to pad with gets added to the maximum so the minimum field size (3 in this example) gets filled out. Reviewed-by: Matt Caswell <matt@openssl.org>
2016-05-21 01:46:43 +00:00
#include "internal/numbers.h"
Change #include filenames from <foo.h> to <openssl.h>. Submitted by: Reviewed by: PR:
1999-04-23 22:13:45 +00:00
#include <openssl/bio.h>
Import of old SSLeay release: SSLeay 0.8.1b
1998-12-21 10:52:47 +00:00
Use public domain snprintf() implementation by Patrick Powell to avoid potential buffer overrun in BIO_printf(). ---------------------------------------------------------------------- crypto/bio/b_print.c CVS: ----------------------------------------------------------------------
2000-02-24 22:23:45 +00:00
/*
* Copyright Patrick Powell 1995
different snprintf version.
2000-02-25 14:00:24 +00:00
* This code is based on code written by Patrick Powell <papowell@astart.com>
Use public domain snprintf() implementation by Patrick Powell to avoid potential buffer overrun in BIO_printf(). ---------------------------------------------------------------------- crypto/bio/b_print.c CVS: ----------------------------------------------------------------------
2000-02-24 22:23:45 +00:00
* It may be used for any purpose as long as this notice remains intact
different snprintf version.
2000-02-25 14:00:24 +00:00
* on all source code distributions.
Use public domain snprintf() implementation by Patrick Powell to avoid potential buffer overrun in BIO_printf(). ---------------------------------------------------------------------- crypto/bio/b_print.c CVS: ----------------------------------------------------------------------
2000-02-24 22:23:45 +00:00
*/
Certain flag macros were tested with #if instead if #ifdef...
2002-08-02 11:13:37 +00:00
#ifdef HAVE_LONG_DOUBLE
Run util/openssl-format-source -v -c . Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 03:40:55 +00:00
# define LDOUBLE long double
different snprintf version.
2000-02-25 14:00:24 +00:00
#else
Run util/openssl-format-source -v -c . Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 03:40:55 +00:00
# define LDOUBLE double
different snprintf version.
2000-02-25 14:00:24 +00:00
#endif
Fix memory issues in BIO_*printf functions The internal |fmtstr| function used in processing a "%s" format string in the BIO_*printf functions could overflow while calculating the length of a string and cause an OOB read when printing very long strings. Additionally the internal |doapr_outch| function can attempt to write to an OOB memory location (at an offset from the NULL pointer) in the event of a memory allocation failure. In 1.0.2 and below this could be caused where the size of a buffer to be allocated is greater than INT_MAX. E.g. this could be in processing a very long "%s" format string. Memory leaks can also occur. These issues will only occur on certain platforms where sizeof(size_t) > sizeof(int). E.g. many 64 bit systems. The first issue may mask the second issue dependent on compiler behaviour. These problems could enable attacks where large amounts of untrusted data is passed to the BIO_*printf functions. If applications use these functions in this way then they could be vulnerable. OpenSSL itself uses these functions when printing out human-readable dumps of ASN.1 data. Therefore applications that print this data could be vulnerable if the data is from untrusted sources. OpenSSL command line applications could also be vulnerable where they print out ASN.1 data, or if untrusted data is passed as command line arguments. Libssl is not considered directly vulnerable. Additionally certificates etc received via remote connections via libssl are also unlikely to be able to trigger these issues because of message size limits enforced within libssl. CVE-2016-0799 Issue reported by Guido Vranken. Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-02-25 13:09:46 +00:00
static int fmtstr(char **, char **, size_t *, size_t *,
const char *, int, int, int);
static int fmtint(char **, char **, size_t *, size_t *,
bio/b_print.c: switch to int64_t as "greatest-width integer type". Originally there was dependency on BN configuration parameters, but it stemmed from times when "long long" support was optional. Today we require 64-bit support from compiler, and there is no reason to have "greatest-width integer" depend on BN configuration. Reviewed-by: Richard Levitte <levitte@openssl.org>
2017-03-30 19:44:55 +00:00
int64_t, int, int, int, int);
Fix memory issues in BIO_*printf functions The internal |fmtstr| function used in processing a "%s" format string in the BIO_*printf functions could overflow while calculating the length of a string and cause an OOB read when printing very long strings. Additionally the internal |doapr_outch| function can attempt to write to an OOB memory location (at an offset from the NULL pointer) in the event of a memory allocation failure. In 1.0.2 and below this could be caused where the size of a buffer to be allocated is greater than INT_MAX. E.g. this could be in processing a very long "%s" format string. Memory leaks can also occur. These issues will only occur on certain platforms where sizeof(size_t) > sizeof(int). E.g. many 64 bit systems. The first issue may mask the second issue dependent on compiler behaviour. These problems could enable attacks where large amounts of untrusted data is passed to the BIO_*printf functions. If applications use these functions in this way then they could be vulnerable. OpenSSL itself uses these functions when printing out human-readable dumps of ASN.1 data. Therefore applications that print this data could be vulnerable if the data is from untrusted sources. OpenSSL command line applications could also be vulnerable where they print out ASN.1 data, or if untrusted data is passed as command line arguments. Libssl is not considered directly vulnerable. Additionally certificates etc received via remote connections via libssl are also unlikely to be able to trigger these issues because of message size limits enforced within libssl. CVE-2016-0799 Issue reported by Guido Vranken. Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-02-25 13:09:46 +00:00
static int fmtfp(char **, char **, size_t *, size_t *,
Fix implementation of "e" and "g" formats for printing floating points The previous commit which "fixed" the "e" and "g" floating point formats just printed them in the same way as "f". This is wrong. This commit provides the correct formatting. Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-05-25 14:33:15 +00:00
LDOUBLE, int, int, int, int);
Fix memory issues in BIO_*printf functions The internal |fmtstr| function used in processing a "%s" format string in the BIO_*printf functions could overflow while calculating the length of a string and cause an OOB read when printing very long strings. Additionally the internal |doapr_outch| function can attempt to write to an OOB memory location (at an offset from the NULL pointer) in the event of a memory allocation failure. In 1.0.2 and below this could be caused where the size of a buffer to be allocated is greater than INT_MAX. E.g. this could be in processing a very long "%s" format string. Memory leaks can also occur. These issues will only occur on certain platforms where sizeof(size_t) > sizeof(int). E.g. many 64 bit systems. The first issue may mask the second issue dependent on compiler behaviour. These problems could enable attacks where large amounts of untrusted data is passed to the BIO_*printf functions. If applications use these functions in this way then they could be vulnerable. OpenSSL itself uses these functions when printing out human-readable dumps of ASN.1 data. Therefore applications that print this data could be vulnerable if the data is from untrusted sources. OpenSSL command line applications could also be vulnerable where they print out ASN.1 data, or if untrusted data is passed as command line arguments. Libssl is not considered directly vulnerable. Additionally certificates etc received via remote connections via libssl are also unlikely to be able to trigger these issues because of message size limits enforced within libssl. CVE-2016-0799 Issue reported by Guido Vranken. Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-02-25 13:09:46 +00:00
static int doapr_outch(char **, char **, size_t *, size_t *, int);
static int _dopr(char **sbuffer, char **buffer,
size_t *maxlen, size_t *retlen, int *truncated,
const char *format, va_list args);
different snprintf version.
2000-02-25 14:00:24 +00:00
Use public domain snprintf() implementation by Patrick Powell to avoid potential buffer overrun in BIO_printf(). ---------------------------------------------------------------------- crypto/bio/b_print.c CVS: ----------------------------------------------------------------------
2000-02-24 22:23:45 +00:00
/* format read states */
different snprintf version.
2000-02-25 14:00:24 +00:00
#define DP_S_DEFAULT 0
#define DP_S_FLAGS 1
#define DP_S_MIN 2
#define DP_S_DOT 3
#define DP_S_MAX 4
#define DP_S_MOD 5
#define DP_S_CONV 6
#define DP_S_DONE 7
Use public domain snprintf() implementation by Patrick Powell to avoid potential buffer overrun in BIO_printf(). ---------------------------------------------------------------------- crypto/bio/b_print.c CVS: ----------------------------------------------------------------------
2000-02-24 22:23:45 +00:00
/* format flags - Bits */
Fix some issues in b_print.c code Convert assert to OPENSSL_assert(), add some documentation, add the calls to fmtfp() for the "e" and "g" floating point formats which were missing. Based on a patch provided by Ger Hobbelt <ger@hobbelt.com>. RT#2270 Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-05-25 14:37:11 +00:00
/* left-aligned padding */
different snprintf version.
2000-02-25 14:00:24 +00:00
#define DP_F_MINUS (1 << 0)
Fix some issues in b_print.c code Convert assert to OPENSSL_assert(), add some documentation, add the calls to fmtfp() for the "e" and "g" floating point formats which were missing. Based on a patch provided by Ger Hobbelt <ger@hobbelt.com>. RT#2270 Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-05-25 14:37:11 +00:00
/* print an explicit '+' for a value with positive sign */
different snprintf version.
2000-02-25 14:00:24 +00:00
#define DP_F_PLUS (1 << 1)
Fix some issues in b_print.c code Convert assert to OPENSSL_assert(), add some documentation, add the calls to fmtfp() for the "e" and "g" floating point formats which were missing. Based on a patch provided by Ger Hobbelt <ger@hobbelt.com>. RT#2270 Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-05-25 14:37:11 +00:00
/* print an explicit ' ' for a value with positive sign */
different snprintf version.
2000-02-25 14:00:24 +00:00
#define DP_F_SPACE (1 << 2)
Fix some issues in b_print.c code Convert assert to OPENSSL_assert(), add some documentation, add the calls to fmtfp() for the "e" and "g" floating point formats which were missing. Based on a patch provided by Ger Hobbelt <ger@hobbelt.com>. RT#2270 Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-05-25 14:37:11 +00:00
/* print 0/0x prefix for octal/hex and decimal point for floating point */
different snprintf version.
2000-02-25 14:00:24 +00:00
#define DP_F_NUM (1 << 3)
Fix some issues in b_print.c code Convert assert to OPENSSL_assert(), add some documentation, add the calls to fmtfp() for the "e" and "g" floating point formats which were missing. Based on a patch provided by Ger Hobbelt <ger@hobbelt.com>. RT#2270 Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-05-25 14:37:11 +00:00
/* print leading zeroes */
different snprintf version.
2000-02-25 14:00:24 +00:00
#define DP_F_ZERO (1 << 4)
Fix some issues in b_print.c code Convert assert to OPENSSL_assert(), add some documentation, add the calls to fmtfp() for the "e" and "g" floating point formats which were missing. Based on a patch provided by Ger Hobbelt <ger@hobbelt.com>. RT#2270 Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-05-25 14:37:11 +00:00
/* print HEX in UPPPERcase */
different snprintf version.
2000-02-25 14:00:24 +00:00
#define DP_F_UP (1 << 5)
Fix some issues in b_print.c code Convert assert to OPENSSL_assert(), add some documentation, add the calls to fmtfp() for the "e" and "g" floating point formats which were missing. Based on a patch provided by Ger Hobbelt <ger@hobbelt.com>. RT#2270 Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-05-25 14:37:11 +00:00
/* treat value as unsigned */
different snprintf version.
2000-02-25 14:00:24 +00:00
#define DP_F_UNSIGNED (1 << 6)
/* conversion flags */
#define DP_C_SHORT 1
#define DP_C_LONG 2
#define DP_C_LDOUBLE 3
#define DP_C_LLONG 4
Add z modifier parsing to the BIO_printf et all format string Reviewed-by: Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3064)
2017-03-28 14:57:41 +00:00
#define DP_C_SIZE 5
different snprintf version.
2000-02-25 14:00:24 +00:00
Fix implementation of "e" and "g" formats for printing floating points The previous commit which "fixed" the "e" and "g" floating point formats just printed them in the same way as "f". This is wrong. This commit provides the correct formatting. Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-05-25 14:33:15 +00:00
/* Floating point formats */
#define F_FORMAT 0
#define E_FORMAT 1
#define G_FORMAT 2
different snprintf version.
2000-02-25 14:00:24 +00:00
/* some handy macros */
Use public domain snprintf() implementation by Patrick Powell to avoid potential buffer overrun in BIO_printf(). ---------------------------------------------------------------------- crypto/bio/b_print.c CVS: ----------------------------------------------------------------------
2000-02-24 22:23:45 +00:00
#define char_to_int(p) (p - '0')
On some operating systems, MAX is defined. Call ours OSSL_MAX instead
2000-10-22 12:44:12 +00:00
#define OSSL_MAX(p,q) ((p >= q) ? p : q)
Use public domain snprintf() implementation by Patrick Powell to avoid potential buffer overrun in BIO_printf(). ---------------------------------------------------------------------- crypto/bio/b_print.c CVS: ----------------------------------------------------------------------
2000-02-24 22:23:45 +00:00
Fix memory issues in BIO_*printf functions The internal |fmtstr| function used in processing a "%s" format string in the BIO_*printf functions could overflow while calculating the length of a string and cause an OOB read when printing very long strings. Additionally the internal |doapr_outch| function can attempt to write to an OOB memory location (at an offset from the NULL pointer) in the event of a memory allocation failure. In 1.0.2 and below this could be caused where the size of a buffer to be allocated is greater than INT_MAX. E.g. this could be in processing a very long "%s" format string. Memory leaks can also occur. These issues will only occur on certain platforms where sizeof(size_t) > sizeof(int). E.g. many 64 bit systems. The first issue may mask the second issue dependent on compiler behaviour. These problems could enable attacks where large amounts of untrusted data is passed to the BIO_*printf functions. If applications use these functions in this way then they could be vulnerable. OpenSSL itself uses these functions when printing out human-readable dumps of ASN.1 data. Therefore applications that print this data could be vulnerable if the data is from untrusted sources. OpenSSL command line applications could also be vulnerable where they print out ASN.1 data, or if untrusted data is passed as command line arguments. Libssl is not considered directly vulnerable. Additionally certificates etc received via remote connections via libssl are also unlikely to be able to trigger these issues because of message size limits enforced within libssl. CVE-2016-0799 Issue reported by Guido Vranken. Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-02-25 13:09:46 +00:00
static int
Run util/openssl-format-source -v -c . Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 03:40:55 +00:00
_dopr(char **sbuffer,
char **buffer,
size_t *maxlen,
size_t *retlen, int *truncated, const char *format, va_list args)
Use public domain snprintf() implementation by Patrick Powell to avoid potential buffer overrun in BIO_printf(). ---------------------------------------------------------------------- crypto/bio/b_print.c CVS: ----------------------------------------------------------------------
2000-02-24 22:23:45 +00:00
{
different snprintf version.
2000-02-25 14:00:24 +00:00
char ch;
bio/b_print.c: switch to int64_t as "greatest-width integer type". Originally there was dependency on BN configuration parameters, but it stemmed from times when "long long" support was optional. Today we require 64-bit support from compiler, and there is no reason to have "greatest-width integer" depend on BN configuration. Reviewed-by: Richard Levitte <levitte@openssl.org>
2017-03-30 19:44:55 +00:00
int64_t value;
different snprintf version.
2000-02-25 14:00:24 +00:00
LDOUBLE fvalue;
char *strvalue;
int min;
int max;
int state;
int flags;
int cflags;
size_t currlen;
state = DP_S_DEFAULT;
flags = currlen = cflags = min = 0;
max = -1;
ch = *format++;
while (state != DP_S_DONE) {
Change the printing mahine used by BIO_printf() and friends so it can handle an externally provided "static" buffer as well a a dynamic buffer. The "static" buffer is filled first, but if overflowed, the dynamic buffer is used instead, being allocated somewhere i the heap. This combines the benefits of putting the output in a preallocated buffer (on the stack, for example) and in a buffer that grows somewhere in the heap.
2000-09-07 05:50:14 +00:00
if (ch == '\0' || (buffer == NULL && currlen >= *maxlen))
different snprintf version.
2000-02-25 14:00:24 +00:00
state = DP_S_DONE;
switch (state) {
case DP_S_DEFAULT:
if (ch == '%')
state = DP_S_FLAGS;
else
style : fix some if(... Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/4457)
2017-08-26 15:56:44 +00:00
if (!doapr_outch(sbuffer, buffer, &currlen, maxlen, ch))
Fix memory issues in BIO_*printf functions The internal |fmtstr| function used in processing a "%s" format string in the BIO_*printf functions could overflow while calculating the length of a string and cause an OOB read when printing very long strings. Additionally the internal |doapr_outch| function can attempt to write to an OOB memory location (at an offset from the NULL pointer) in the event of a memory allocation failure. In 1.0.2 and below this could be caused where the size of a buffer to be allocated is greater than INT_MAX. E.g. this could be in processing a very long "%s" format string. Memory leaks can also occur. These issues will only occur on certain platforms where sizeof(size_t) > sizeof(int). E.g. many 64 bit systems. The first issue may mask the second issue dependent on compiler behaviour. These problems could enable attacks where large amounts of untrusted data is passed to the BIO_*printf functions. If applications use these functions in this way then they could be vulnerable. OpenSSL itself uses these functions when printing out human-readable dumps of ASN.1 data. Therefore applications that print this data could be vulnerable if the data is from untrusted sources. OpenSSL command line applications could also be vulnerable where they print out ASN.1 data, or if untrusted data is passed as command line arguments. Libssl is not considered directly vulnerable. Additionally certificates etc received via remote connections via libssl are also unlikely to be able to trigger these issues because of message size limits enforced within libssl. CVE-2016-0799 Issue reported by Guido Vranken. Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-02-25 13:09:46 +00:00
return 0;
different snprintf version.
2000-02-25 14:00:24 +00:00
ch = *format++;
break;
case DP_S_FLAGS:
switch (ch) {
case '-':
flags |= DP_F_MINUS;
ch = *format++;
break;
case '+':
flags |= DP_F_PLUS;
ch = *format++;
break;
case ' ':
flags |= DP_F_SPACE;
ch = *format++;
break;
case '#':
flags |= DP_F_NUM;
ch = *format++;
break;
case '0':
flags |= DP_F_ZERO;
ch = *format++;
break;
default:
state = DP_S_MIN;
break;
}
break;
case DP_S_MIN:
This has been added to avoid the situation where some host ctype.h functions return true for characters > 127. I.e. they are allowing extended ASCII characters through which then cause problems. E.g. marking superscript '2' as a number then causes the common (ch - '0') conversion to number to fail miserably. Likewise letters with diacritical marks can also cause problems. If a non-ASCII character set is being used (currently only EBCDIC), it is adjusted for. The implementation uses a single table with a bit for each of the defined classes. These functions accept an int argument and fail for values out of range or for characters outside of the ASCII set. They will work for both signed and unsigned character inputs. Reviewed-by: Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4102)
2017-08-20 21:19:17 +00:00
if (ossl_isdigit(ch)) {
different snprintf version.
2000-02-25 14:00:24 +00:00
min = 10 * min + char_to_int(ch);
ch = *format++;
} else if (ch == '*') {
min = va_arg(args, int);
ch = *format++;
state = DP_S_DOT;
} else
state = DP_S_DOT;
break;
case DP_S_DOT:
if (ch == '.') {
state = DP_S_MAX;
ch = *format++;
} else
state = DP_S_MOD;
break;
case DP_S_MAX:
This has been added to avoid the situation where some host ctype.h functions return true for characters > 127. I.e. they are allowing extended ASCII characters through which then cause problems. E.g. marking superscript '2' as a number then causes the common (ch - '0') conversion to number to fail miserably. Likewise letters with diacritical marks can also cause problems. If a non-ASCII character set is being used (currently only EBCDIC), it is adjusted for. The implementation uses a single table with a bit for each of the defined classes. These functions accept an int argument and fail for values out of range or for characters outside of the ASCII set. They will work for both signed and unsigned character inputs. Reviewed-by: Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4102)
2017-08-20 21:19:17 +00:00
if (ossl_isdigit(ch)) {
different snprintf version.
2000-02-25 14:00:24 +00:00
if (max < 0)
max = 0;
max = 10 * max + char_to_int(ch);
ch = *format++;
} else if (ch == '*') {
max = va_arg(args, int);
ch = *format++;
state = DP_S_MOD;
} else
state = DP_S_MOD;
break;
case DP_S_MOD:
switch (ch) {
case 'h':
cflags = DP_C_SHORT;
ch = *format++;
break;
case 'l':
if (*format == 'l') {
cflags = DP_C_LLONG;
format++;
} else
cflags = DP_C_LONG;
ch = *format++;
break;
case 'q':
bio/b_print.c: recognize even 'j' format modifier. 'j' is specified as modifier for "greatest-width integer type", which in practice means 64 bits on both 32- and 64-bit platforms. Since we rely on __attribute__((__format__(__printf__,...))) to sanitize BIO_print format, we can use it to denote [u]int64_t-s in platform-neutral manner. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3083)
2017-03-29 21:10:08 +00:00
case 'j':
different snprintf version.
2000-02-25 14:00:24 +00:00
cflags = DP_C_LLONG;
ch = *format++;
break;
case 'L':
cflags = DP_C_LDOUBLE;
ch = *format++;
break;
Add z modifier parsing to the BIO_printf et all format string Reviewed-by: Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3064)
2017-03-28 14:57:41 +00:00
case 'z':
cflags = DP_C_SIZE;
ch = *format++;
break;
different snprintf version.
2000-02-25 14:00:24 +00:00
default:
break;
}
state = DP_S_CONV;
break;
case DP_S_CONV:
switch (ch) {
case 'd':
case 'i':
switch (cflags) {
case DP_C_SHORT:
Short is always promoted to int when passed as a function argument. This is especially true when it's part of a '...'.
2000-02-27 23:17:18 +00:00
value = (short int)va_arg(args, int);
different snprintf version.
2000-02-25 14:00:24 +00:00
break;
case DP_C_LONG:
value = va_arg(args, long int);
break;
case DP_C_LLONG:
bio/b_print.c: switch to int64_t as "greatest-width integer type". Originally there was dependency on BN configuration parameters, but it stemmed from times when "long long" support was optional. Today we require 64-bit support from compiler, and there is no reason to have "greatest-width integer" depend on BN configuration. Reviewed-by: Richard Levitte <levitte@openssl.org>
2017-03-30 19:44:55 +00:00
value = va_arg(args, int64_t);
different snprintf version.
2000-02-25 14:00:24 +00:00
break;
Add z modifier parsing to the BIO_printf et all format string Reviewed-by: Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3064)
2017-03-28 14:57:41 +00:00
case DP_C_SIZE:
value = va_arg(args, ossl_ssize_t);
break;
different snprintf version.
2000-02-25 14:00:24 +00:00
default:
value = va_arg(args, int);
break;
}
Fix memory issues in BIO_*printf functions The internal |fmtstr| function used in processing a "%s" format string in the BIO_*printf functions could overflow while calculating the length of a string and cause an OOB read when printing very long strings. Additionally the internal |doapr_outch| function can attempt to write to an OOB memory location (at an offset from the NULL pointer) in the event of a memory allocation failure. In 1.0.2 and below this could be caused where the size of a buffer to be allocated is greater than INT_MAX. E.g. this could be in processing a very long "%s" format string. Memory leaks can also occur. These issues will only occur on certain platforms where sizeof(size_t) > sizeof(int). E.g. many 64 bit systems. The first issue may mask the second issue dependent on compiler behaviour. These problems could enable attacks where large amounts of untrusted data is passed to the BIO_*printf functions. If applications use these functions in this way then they could be vulnerable. OpenSSL itself uses these functions when printing out human-readable dumps of ASN.1 data. Therefore applications that print this data could be vulnerable if the data is from untrusted sources. OpenSSL command line applications could also be vulnerable where they print out ASN.1 data, or if untrusted data is passed as command line arguments. Libssl is not considered directly vulnerable. Additionally certificates etc received via remote connections via libssl are also unlikely to be able to trigger these issues because of message size limits enforced within libssl. CVE-2016-0799 Issue reported by Guido Vranken. Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-02-25 13:09:46 +00:00
if (!fmtint(sbuffer, buffer, &currlen, maxlen, value, 10, min,
max, flags))
return 0;
different snprintf version.
2000-02-25 14:00:24 +00:00
break;
case 'X':
flags |= DP_F_UP;
/* FALLTHROUGH */
case 'x':
case 'o':
case 'u':
flags |= DP_F_UNSIGNED;
switch (cflags) {
case DP_C_SHORT:
Typo corrected.
2000-02-28 11:30:31 +00:00
value = (unsigned short int)va_arg(args, unsigned int);
different snprintf version.
2000-02-25 14:00:24 +00:00
break;
case DP_C_LONG:
bio/b_print.c: switch to int64_t as "greatest-width integer type". Originally there was dependency on BN configuration parameters, but it stemmed from times when "long long" support was optional. Today we require 64-bit support from compiler, and there is no reason to have "greatest-width integer" depend on BN configuration. Reviewed-by: Richard Levitte <levitte@openssl.org>
2017-03-30 19:44:55 +00:00
value = va_arg(args, unsigned long int);
different snprintf version.
2000-02-25 14:00:24 +00:00
break;
case DP_C_LLONG:
bio/b_print.c: switch to int64_t as "greatest-width integer type". Originally there was dependency on BN configuration parameters, but it stemmed from times when "long long" support was optional. Today we require 64-bit support from compiler, and there is no reason to have "greatest-width integer" depend on BN configuration. Reviewed-by: Richard Levitte <levitte@openssl.org>
2017-03-30 19:44:55 +00:00
value = va_arg(args, uint64_t);
different snprintf version.
2000-02-25 14:00:24 +00:00
break;
Add z modifier parsing to the BIO_printf et all format string Reviewed-by: Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3064)
2017-03-28 14:57:41 +00:00
case DP_C_SIZE:
bio/b_print.c: fix %z failure in 32-bit build. Reviewed-by: Richard Levitte <levitte@openssl.org>
2017-03-29 20:48:26 +00:00
value = va_arg(args, size_t);
Add z modifier parsing to the BIO_printf et all format string Reviewed-by: Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3064)
2017-03-28 14:57:41 +00:00
break;
different snprintf version.
2000-02-25 14:00:24 +00:00
default:
bio/b_print.c: switch to int64_t as "greatest-width integer type". Originally there was dependency on BN configuration parameters, but it stemmed from times when "long long" support was optional. Today we require 64-bit support from compiler, and there is no reason to have "greatest-width integer" depend on BN configuration. Reviewed-by: Richard Levitte <levitte@openssl.org>
2017-03-30 19:44:55 +00:00
value = va_arg(args, unsigned int);
different snprintf version.
2000-02-25 14:00:24 +00:00
break;
}
Fix memory issues in BIO_*printf functions The internal |fmtstr| function used in processing a "%s" format string in the BIO_*printf functions could overflow while calculating the length of a string and cause an OOB read when printing very long strings. Additionally the internal |doapr_outch| function can attempt to write to an OOB memory location (at an offset from the NULL pointer) in the event of a memory allocation failure. In 1.0.2 and below this could be caused where the size of a buffer to be allocated is greater than INT_MAX. E.g. this could be in processing a very long "%s" format string. Memory leaks can also occur. These issues will only occur on certain platforms where sizeof(size_t) > sizeof(int). E.g. many 64 bit systems. The first issue may mask the second issue dependent on compiler behaviour. These problems could enable attacks where large amounts of untrusted data is passed to the BIO_*printf functions. If applications use these functions in this way then they could be vulnerable. OpenSSL itself uses these functions when printing out human-readable dumps of ASN.1 data. Therefore applications that print this data could be vulnerable if the data is from untrusted sources. OpenSSL command line applications could also be vulnerable where they print out ASN.1 data, or if untrusted data is passed as command line arguments. Libssl is not considered directly vulnerable. Additionally certificates etc received via remote connections via libssl are also unlikely to be able to trigger these issues because of message size limits enforced within libssl. CVE-2016-0799 Issue reported by Guido Vranken. Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-02-25 13:09:46 +00:00
if (!fmtint(sbuffer, buffer, &currlen, maxlen, value,
ch == 'o' ? 8 : (ch == 'u' ? 10 : 16),
min, max, flags))
return 0;
different snprintf version.
2000-02-25 14:00:24 +00:00
break;
case 'f':
if (cflags == DP_C_LDOUBLE)
fvalue = va_arg(args, LDOUBLE);
else
fvalue = va_arg(args, double);
Fix memory issues in BIO_*printf functions The internal |fmtstr| function used in processing a "%s" format string in the BIO_*printf functions could overflow while calculating the length of a string and cause an OOB read when printing very long strings. Additionally the internal |doapr_outch| function can attempt to write to an OOB memory location (at an offset from the NULL pointer) in the event of a memory allocation failure. In 1.0.2 and below this could be caused where the size of a buffer to be allocated is greater than INT_MAX. E.g. this could be in processing a very long "%s" format string. Memory leaks can also occur. These issues will only occur on certain platforms where sizeof(size_t) > sizeof(int). E.g. many 64 bit systems. The first issue may mask the second issue dependent on compiler behaviour. These problems could enable attacks where large amounts of untrusted data is passed to the BIO_*printf functions. If applications use these functions in this way then they could be vulnerable. OpenSSL itself uses these functions when printing out human-readable dumps of ASN.1 data. Therefore applications that print this data could be vulnerable if the data is from untrusted sources. OpenSSL command line applications could also be vulnerable where they print out ASN.1 data, or if untrusted data is passed as command line arguments. Libssl is not considered directly vulnerable. Additionally certificates etc received via remote connections via libssl are also unlikely to be able to trigger these issues because of message size limits enforced within libssl. CVE-2016-0799 Issue reported by Guido Vranken. Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-02-25 13:09:46 +00:00
if (!fmtfp(sbuffer, buffer, &currlen, maxlen, fvalue, min, max,
Fix implementation of "e" and "g" formats for printing floating points The previous commit which "fixed" the "e" and "g" floating point formats just printed them in the same way as "f". This is wrong. This commit provides the correct formatting. Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-05-25 14:33:15 +00:00
flags, F_FORMAT))
Fix memory issues in BIO_*printf functions The internal |fmtstr| function used in processing a "%s" format string in the BIO_*printf functions could overflow while calculating the length of a string and cause an OOB read when printing very long strings. Additionally the internal |doapr_outch| function can attempt to write to an OOB memory location (at an offset from the NULL pointer) in the event of a memory allocation failure. In 1.0.2 and below this could be caused where the size of a buffer to be allocated is greater than INT_MAX. E.g. this could be in processing a very long "%s" format string. Memory leaks can also occur. These issues will only occur on certain platforms where sizeof(size_t) > sizeof(int). E.g. many 64 bit systems. The first issue may mask the second issue dependent on compiler behaviour. These problems could enable attacks where large amounts of untrusted data is passed to the BIO_*printf functions. If applications use these functions in this way then they could be vulnerable. OpenSSL itself uses these functions when printing out human-readable dumps of ASN.1 data. Therefore applications that print this data could be vulnerable if the data is from untrusted sources. OpenSSL command line applications could also be vulnerable where they print out ASN.1 data, or if untrusted data is passed as command line arguments. Libssl is not considered directly vulnerable. Additionally certificates etc received via remote connections via libssl are also unlikely to be able to trigger these issues because of message size limits enforced within libssl. CVE-2016-0799 Issue reported by Guido Vranken. Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-02-25 13:09:46 +00:00
return 0;
different snprintf version.
2000-02-25 14:00:24 +00:00
break;
case 'E':
flags |= DP_F_UP;
Fix gcc-7 warnings. - Mostly missing fall thru comments - And uninitialized value used in sslapitest.c Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3440)
2017-05-11 14:21:37 +00:00
/* fall thru */
different snprintf version.
2000-02-25 14:00:24 +00:00
case 'e':
if (cflags == DP_C_LDOUBLE)
fvalue = va_arg(args, LDOUBLE);
else
fvalue = va_arg(args, double);
Fix some issues in b_print.c code Convert assert to OPENSSL_assert(), add some documentation, add the calls to fmtfp() for the "e" and "g" floating point formats which were missing. Based on a patch provided by Ger Hobbelt <ger@hobbelt.com>. RT#2270 Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-05-25 14:37:11 +00:00
if (!fmtfp(sbuffer, buffer, &currlen, maxlen, fvalue, min, max,
Fix implementation of "e" and "g" formats for printing floating points The previous commit which "fixed" the "e" and "g" floating point formats just printed them in the same way as "f". This is wrong. This commit provides the correct formatting. Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-05-25 14:33:15 +00:00
flags, E_FORMAT))
Fix some issues in b_print.c code Convert assert to OPENSSL_assert(), add some documentation, add the calls to fmtfp() for the "e" and "g" floating point formats which were missing. Based on a patch provided by Ger Hobbelt <ger@hobbelt.com>. RT#2270 Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-05-25 14:37:11 +00:00
return 0;
different snprintf version.
2000-02-25 14:00:24 +00:00
break;
case 'G':
flags |= DP_F_UP;
Fix gcc-7 warnings. - Mostly missing fall thru comments - And uninitialized value used in sslapitest.c Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3440)
2017-05-11 14:21:37 +00:00
/* fall thru */
different snprintf version.
2000-02-25 14:00:24 +00:00
case 'g':
if (cflags == DP_C_LDOUBLE)
fvalue = va_arg(args, LDOUBLE);
else
fvalue = va_arg(args, double);
Fix some issues in b_print.c code Convert assert to OPENSSL_assert(), add some documentation, add the calls to fmtfp() for the "e" and "g" floating point formats which were missing. Based on a patch provided by Ger Hobbelt <ger@hobbelt.com>. RT#2270 Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-05-25 14:37:11 +00:00
if (!fmtfp(sbuffer, buffer, &currlen, maxlen, fvalue, min, max,
Fix implementation of "e" and "g" formats for printing floating points The previous commit which "fixed" the "e" and "g" floating point formats just printed them in the same way as "f". This is wrong. This commit provides the correct formatting. Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-05-25 14:33:15 +00:00
flags, G_FORMAT))
Fix some issues in b_print.c code Convert assert to OPENSSL_assert(), add some documentation, add the calls to fmtfp() for the "e" and "g" floating point formats which were missing. Based on a patch provided by Ger Hobbelt <ger@hobbelt.com>. RT#2270 Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-05-25 14:37:11 +00:00
return 0;
different snprintf version.
2000-02-25 14:00:24 +00:00
break;
case 'c':
style : fix some if(... Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/4457)
2017-08-26 15:56:44 +00:00
if (!doapr_outch(sbuffer, buffer, &currlen, maxlen,
va_arg(args, int)))
Fix memory issues in BIO_*printf functions The internal |fmtstr| function used in processing a "%s" format string in the BIO_*printf functions could overflow while calculating the length of a string and cause an OOB read when printing very long strings. Additionally the internal |doapr_outch| function can attempt to write to an OOB memory location (at an offset from the NULL pointer) in the event of a memory allocation failure. In 1.0.2 and below this could be caused where the size of a buffer to be allocated is greater than INT_MAX. E.g. this could be in processing a very long "%s" format string. Memory leaks can also occur. These issues will only occur on certain platforms where sizeof(size_t) > sizeof(int). E.g. many 64 bit systems. The first issue may mask the second issue dependent on compiler behaviour. These problems could enable attacks where large amounts of untrusted data is passed to the BIO_*printf functions. If applications use these functions in this way then they could be vulnerable. OpenSSL itself uses these functions when printing out human-readable dumps of ASN.1 data. Therefore applications that print this data could be vulnerable if the data is from untrusted sources. OpenSSL command line applications could also be vulnerable where they print out ASN.1 data, or if untrusted data is passed as command line arguments. Libssl is not considered directly vulnerable. Additionally certificates etc received via remote connections via libssl are also unlikely to be able to trigger these issues because of message size limits enforced within libssl. CVE-2016-0799 Issue reported by Guido Vranken. Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-02-25 13:09:46 +00:00
return 0;
different snprintf version.
2000-02-25 14:00:24 +00:00
break;
case 's':
strvalue = va_arg(args, char *);
Change the printing mahine used by BIO_printf() and friends so it can handle an externally provided "static" buffer as well a a dynamic buffer. The "static" buffer is filled first, but if overflowed, the dynamic buffer is used instead, being allocated somewhere i the heap. This combines the benefits of putting the output in a preallocated buffer (on the stack, for example) and in a buffer that grows somewhere in the heap.
2000-09-07 05:50:14 +00:00
if (max < 0) {
Run util/openssl-format-source -v -c . Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 03:40:55 +00:00
if (buffer)
max = INT_MAX;
else
max = *maxlen;
}
Fix memory issues in BIO_*printf functions The internal |fmtstr| function used in processing a "%s" format string in the BIO_*printf functions could overflow while calculating the length of a string and cause an OOB read when printing very long strings. Additionally the internal |doapr_outch| function can attempt to write to an OOB memory location (at an offset from the NULL pointer) in the event of a memory allocation failure. In 1.0.2 and below this could be caused where the size of a buffer to be allocated is greater than INT_MAX. E.g. this could be in processing a very long "%s" format string. Memory leaks can also occur. These issues will only occur on certain platforms where sizeof(size_t) > sizeof(int). E.g. many 64 bit systems. The first issue may mask the second issue dependent on compiler behaviour. These problems could enable attacks where large amounts of untrusted data is passed to the BIO_*printf functions. If applications use these functions in this way then they could be vulnerable. OpenSSL itself uses these functions when printing out human-readable dumps of ASN.1 data. Therefore applications that print this data could be vulnerable if the data is from untrusted sources. OpenSSL command line applications could also be vulnerable where they print out ASN.1 data, or if untrusted data is passed as command line arguments. Libssl is not considered directly vulnerable. Additionally certificates etc received via remote connections via libssl are also unlikely to be able to trigger these issues because of message size limits enforced within libssl. CVE-2016-0799 Issue reported by Guido Vranken. Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-02-25 13:09:46 +00:00
if (!fmtstr(sbuffer, buffer, &currlen, maxlen, strvalue,
flags, min, max))
return 0;
different snprintf version.
2000-02-25 14:00:24 +00:00
break;
case 'p':
Harmonize pointer printing and size_t-fy casts. Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-09-30 08:36:21 +00:00
value = (size_t)va_arg(args, void *);
Fix memory issues in BIO_*printf functions The internal |fmtstr| function used in processing a "%s" format string in the BIO_*printf functions could overflow while calculating the length of a string and cause an OOB read when printing very long strings. Additionally the internal |doapr_outch| function can attempt to write to an OOB memory location (at an offset from the NULL pointer) in the event of a memory allocation failure. In 1.0.2 and below this could be caused where the size of a buffer to be allocated is greater than INT_MAX. E.g. this could be in processing a very long "%s" format string. Memory leaks can also occur. These issues will only occur on certain platforms where sizeof(size_t) > sizeof(int). E.g. many 64 bit systems. The first issue may mask the second issue dependent on compiler behaviour. These problems could enable attacks where large amounts of untrusted data is passed to the BIO_*printf functions. If applications use these functions in this way then they could be vulnerable. OpenSSL itself uses these functions when printing out human-readable dumps of ASN.1 data. Therefore applications that print this data could be vulnerable if the data is from untrusted sources. OpenSSL command line applications could also be vulnerable where they print out ASN.1 data, or if untrusted data is passed as command line arguments. Libssl is not considered directly vulnerable. Additionally certificates etc received via remote connections via libssl are also unlikely to be able to trigger these issues because of message size limits enforced within libssl. CVE-2016-0799 Issue reported by Guido Vranken. Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-02-25 13:09:46 +00:00
if (!fmtint(sbuffer, buffer, &currlen, maxlen,
value, 16, min, max, flags | DP_F_NUM))
return 0;
different snprintf version.
2000-02-25 14:00:24 +00:00
break;
bio/b_print.c: switch to int64_t as "greatest-width integer type". Originally there was dependency on BN configuration parameters, but it stemmed from times when "long long" support was optional. Today we require 64-bit support from compiler, and there is no reason to have "greatest-width integer" depend on BN configuration. Reviewed-by: Richard Levitte <levitte@openssl.org>
2017-03-30 19:44:55 +00:00
case 'n':
{
Run util/openssl-format-source -v -c . Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 03:40:55 +00:00
int *num;
different snprintf version.
2000-02-25 14:00:24 +00:00
num = va_arg(args, int *);
*num = currlen;
}
break;
case '%':
style : fix some if(... Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/4457)
2017-08-26 15:56:44 +00:00
if (!doapr_outch(sbuffer, buffer, &currlen, maxlen, ch))
Fix memory issues in BIO_*printf functions The internal |fmtstr| function used in processing a "%s" format string in the BIO_*printf functions could overflow while calculating the length of a string and cause an OOB read when printing very long strings. Additionally the internal |doapr_outch| function can attempt to write to an OOB memory location (at an offset from the NULL pointer) in the event of a memory allocation failure. In 1.0.2 and below this could be caused where the size of a buffer to be allocated is greater than INT_MAX. E.g. this could be in processing a very long "%s" format string. Memory leaks can also occur. These issues will only occur on certain platforms where sizeof(size_t) > sizeof(int). E.g. many 64 bit systems. The first issue may mask the second issue dependent on compiler behaviour. These problems could enable attacks where large amounts of untrusted data is passed to the BIO_*printf functions. If applications use these functions in this way then they could be vulnerable. OpenSSL itself uses these functions when printing out human-readable dumps of ASN.1 data. Therefore applications that print this data could be vulnerable if the data is from untrusted sources. OpenSSL command line applications could also be vulnerable where they print out ASN.1 data, or if untrusted data is passed as command line arguments. Libssl is not considered directly vulnerable. Additionally certificates etc received via remote connections via libssl are also unlikely to be able to trigger these issues because of message size limits enforced within libssl. CVE-2016-0799 Issue reported by Guido Vranken. Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-02-25 13:09:46 +00:00
return 0;
different snprintf version.
2000-02-25 14:00:24 +00:00
break;
case 'w':
/* not supported yet, treat as next char */
ch = *format++;
break;
default:
/* unknown, skip */
break;
}
ch = *format++;
state = DP_S_DEFAULT;
flags = cflags = min = 0;
max = -1;
break;
case DP_S_DONE:
break;
default:
break;
Use public domain snprintf() implementation by Patrick Powell to avoid potential buffer overrun in BIO_printf(). ---------------------------------------------------------------------- crypto/bio/b_print.c CVS: ----------------------------------------------------------------------
2000-02-24 22:23:45 +00:00
}
}
BIO_printf() can fail to print the last character If the string to print is exactly 2048 character long (excluding the NULL terminator) then BIO_printf will chop off the last byte. This is because it has filled its static buffer but hasn't yet allocated a dynamic buffer. In cases where we don't have a dynamic buffer we need to truncate but that is not the case for BIO_printf(). We need to check whether we are able to have a dynamic buffer buffer deciding to truncate. Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-06-03 14:53:54 +00:00
/*
* We have to truncate if there is no dynamic buffer and we have filled the
* static buffer.
*/
if (buffer == NULL) {
*truncated = (currlen > *maxlen - 1);
if (*truncated)
currlen = *maxlen - 1;
}
style : fix some if(... Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/4457)
2017-08-26 15:56:44 +00:00
if (!doapr_outch(sbuffer, buffer, &currlen, maxlen, '\0'))
Fix memory issues in BIO_*printf functions The internal |fmtstr| function used in processing a "%s" format string in the BIO_*printf functions could overflow while calculating the length of a string and cause an OOB read when printing very long strings. Additionally the internal |doapr_outch| function can attempt to write to an OOB memory location (at an offset from the NULL pointer) in the event of a memory allocation failure. In 1.0.2 and below this could be caused where the size of a buffer to be allocated is greater than INT_MAX. E.g. this could be in processing a very long "%s" format string. Memory leaks can also occur. These issues will only occur on certain platforms where sizeof(size_t) > sizeof(int). E.g. many 64 bit systems. The first issue may mask the second issue dependent on compiler behaviour. These problems could enable attacks where large amounts of untrusted data is passed to the BIO_*printf functions. If applications use these functions in this way then they could be vulnerable. OpenSSL itself uses these functions when printing out human-readable dumps of ASN.1 data. Therefore applications that print this data could be vulnerable if the data is from untrusted sources. OpenSSL command line applications could also be vulnerable where they print out ASN.1 data, or if untrusted data is passed as command line arguments. Libssl is not considered directly vulnerable. Additionally certificates etc received via remote connections via libssl are also unlikely to be able to trigger these issues because of message size limits enforced within libssl. CVE-2016-0799 Issue reported by Guido Vranken. Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-02-25 13:09:46 +00:00
return 0;
Change the printing mahine used by BIO_printf() and friends so it can handle an externally provided "static" buffer as well a a dynamic buffer. The "static" buffer is filled first, but if overflowed, the dynamic buffer is used instead, being allocated somewhere i the heap. This combines the benefits of putting the output in a preallocated buffer (on the stack, for example) and in a buffer that grows somewhere in the heap.
2000-09-07 05:50:14 +00:00
*retlen = currlen - 1;
Fix memory issues in BIO_*printf functions The internal |fmtstr| function used in processing a "%s" format string in the BIO_*printf functions could overflow while calculating the length of a string and cause an OOB read when printing very long strings. Additionally the internal |doapr_outch| function can attempt to write to an OOB memory location (at an offset from the NULL pointer) in the event of a memory allocation failure. In 1.0.2 and below this could be caused where the size of a buffer to be allocated is greater than INT_MAX. E.g. this could be in processing a very long "%s" format string. Memory leaks can also occur. These issues will only occur on certain platforms where sizeof(size_t) > sizeof(int). E.g. many 64 bit systems. The first issue may mask the second issue dependent on compiler behaviour. These problems could enable attacks where large amounts of untrusted data is passed to the BIO_*printf functions. If applications use these functions in this way then they could be vulnerable. OpenSSL itself uses these functions when printing out human-readable dumps of ASN.1 data. Therefore applications that print this data could be vulnerable if the data is from untrusted sources. OpenSSL command line applications could also be vulnerable where they print out ASN.1 data, or if untrusted data is passed as command line arguments. Libssl is not considered directly vulnerable. Additionally certificates etc received via remote connections via libssl are also unlikely to be able to trigger these issues because of message size limits enforced within libssl. CVE-2016-0799 Issue reported by Guido Vranken. Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-02-25 13:09:46 +00:00
return 1;
Use public domain snprintf() implementation by Patrick Powell to avoid potential buffer overrun in BIO_printf(). ---------------------------------------------------------------------- crypto/bio/b_print.c CVS: ----------------------------------------------------------------------
2000-02-24 22:23:45 +00:00
}
Fix memory issues in BIO_*printf functions The internal |fmtstr| function used in processing a "%s" format string in the BIO_*printf functions could overflow while calculating the length of a string and cause an OOB read when printing very long strings. Additionally the internal |doapr_outch| function can attempt to write to an OOB memory location (at an offset from the NULL pointer) in the event of a memory allocation failure. In 1.0.2 and below this could be caused where the size of a buffer to be allocated is greater than INT_MAX. E.g. this could be in processing a very long "%s" format string. Memory leaks can also occur. These issues will only occur on certain platforms where sizeof(size_t) > sizeof(int). E.g. many 64 bit systems. The first issue may mask the second issue dependent on compiler behaviour. These problems could enable attacks where large amounts of untrusted data is passed to the BIO_*printf functions. If applications use these functions in this way then they could be vulnerable. OpenSSL itself uses these functions when printing out human-readable dumps of ASN.1 data. Therefore applications that print this data could be vulnerable if the data is from untrusted sources. OpenSSL command line applications could also be vulnerable where they print out ASN.1 data, or if untrusted data is passed as command line arguments. Libssl is not considered directly vulnerable. Additionally certificates etc received via remote connections via libssl are also unlikely to be able to trigger these issues because of message size limits enforced within libssl. CVE-2016-0799 Issue reported by Guido Vranken. Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-02-25 13:09:46 +00:00
static int
Run util/openssl-format-source -v -c . Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 03:40:55 +00:00
fmtstr(char **sbuffer,
char **buffer,
size_t *currlen,
size_t *maxlen, const char *value, int flags, int min, int max)
Use public domain snprintf() implementation by Patrick Powell to avoid potential buffer overrun in BIO_printf(). ---------------------------------------------------------------------- crypto/bio/b_print.c CVS: ----------------------------------------------------------------------
2000-02-24 22:23:45 +00:00
{
Fix memory issues in BIO_*printf functions The internal |fmtstr| function used in processing a "%s" format string in the BIO_*printf functions could overflow while calculating the length of a string and cause an OOB read when printing very long strings. Additionally the internal |doapr_outch| function can attempt to write to an OOB memory location (at an offset from the NULL pointer) in the event of a memory allocation failure. In 1.0.2 and below this could be caused where the size of a buffer to be allocated is greater than INT_MAX. E.g. this could be in processing a very long "%s" format string. Memory leaks can also occur. These issues will only occur on certain platforms where sizeof(size_t) > sizeof(int). E.g. many 64 bit systems. The first issue may mask the second issue dependent on compiler behaviour. These problems could enable attacks where large amounts of untrusted data is passed to the BIO_*printf functions. If applications use these functions in this way then they could be vulnerable. OpenSSL itself uses these functions when printing out human-readable dumps of ASN.1 data. Therefore applications that print this data could be vulnerable if the data is from untrusted sources. OpenSSL command line applications could also be vulnerable where they print out ASN.1 data, or if untrusted data is passed as command line arguments. Libssl is not considered directly vulnerable. Additionally certificates etc received via remote connections via libssl are also unlikely to be able to trigger these issues because of message size limits enforced within libssl. CVE-2016-0799 Issue reported by Guido Vranken. Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-02-25 13:09:46 +00:00
int padlen;
size_t strln;
different snprintf version.
2000-02-25 14:00:24 +00:00
int cnt = 0;
if (value == 0)
value = "<NULL>";
Fix memory issues in BIO_*printf functions The internal |fmtstr| function used in processing a "%s" format string in the BIO_*printf functions could overflow while calculating the length of a string and cause an OOB read when printing very long strings. Additionally the internal |doapr_outch| function can attempt to write to an OOB memory location (at an offset from the NULL pointer) in the event of a memory allocation failure. In 1.0.2 and below this could be caused where the size of a buffer to be allocated is greater than INT_MAX. E.g. this could be in processing a very long "%s" format string. Memory leaks can also occur. These issues will only occur on certain platforms where sizeof(size_t) > sizeof(int). E.g. many 64 bit systems. The first issue may mask the second issue dependent on compiler behaviour. These problems could enable attacks where large amounts of untrusted data is passed to the BIO_*printf functions. If applications use these functions in this way then they could be vulnerable. OpenSSL itself uses these functions when printing out human-readable dumps of ASN.1 data. Therefore applications that print this data could be vulnerable if the data is from untrusted sources. OpenSSL command line applications could also be vulnerable where they print out ASN.1 data, or if untrusted data is passed as command line arguments. Libssl is not considered directly vulnerable. Additionally certificates etc received via remote connections via libssl are also unlikely to be able to trigger these issues because of message size limits enforced within libssl. CVE-2016-0799 Issue reported by Guido Vranken. Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-02-25 13:09:46 +00:00
Fix fmtstr for BIO_printf() et al - If we have a maximum amount of characters permitted to be printed (for example "%.2s", which allows for a maximum of 2 chars), we minimize the number of characters from the string to printed to that size. - If there is space for padding and there is a maximum amount of characters to print (for example "%3.2s", which shall give at least a 1 space padding), the amount of characters to pad with gets added to the maximum so the minimum field size (3 in this example) gets filled out. Reviewed-by: Matt Caswell <matt@openssl.org>
2016-05-21 01:46:43 +00:00
strln = OPENSSL_strnlen(value, max < 0 ? SIZE_MAX : (size_t)max);
Fix memory issues in BIO_*printf functions The internal |fmtstr| function used in processing a "%s" format string in the BIO_*printf functions could overflow while calculating the length of a string and cause an OOB read when printing very long strings. Additionally the internal |doapr_outch| function can attempt to write to an OOB memory location (at an offset from the NULL pointer) in the event of a memory allocation failure. In 1.0.2 and below this could be caused where the size of a buffer to be allocated is greater than INT_MAX. E.g. this could be in processing a very long "%s" format string. Memory leaks can also occur. These issues will only occur on certain platforms where sizeof(size_t) > sizeof(int). E.g. many 64 bit systems. The first issue may mask the second issue dependent on compiler behaviour. These problems could enable attacks where large amounts of untrusted data is passed to the BIO_*printf functions. If applications use these functions in this way then they could be vulnerable. OpenSSL itself uses these functions when printing out human-readable dumps of ASN.1 data. Therefore applications that print this data could be vulnerable if the data is from untrusted sources. OpenSSL command line applications could also be vulnerable where they print out ASN.1 data, or if untrusted data is passed as command line arguments. Libssl is not considered directly vulnerable. Additionally certificates etc received via remote connections via libssl are also unlikely to be able to trigger these issues because of message size limits enforced within libssl. CVE-2016-0799 Issue reported by Guido Vranken. Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-02-25 13:09:46 +00:00
different snprintf version.
2000-02-25 14:00:24 +00:00
padlen = min - strln;
Fix memory issues in BIO_*printf functions The internal |fmtstr| function used in processing a "%s" format string in the BIO_*printf functions could overflow while calculating the length of a string and cause an OOB read when printing very long strings. Additionally the internal |doapr_outch| function can attempt to write to an OOB memory location (at an offset from the NULL pointer) in the event of a memory allocation failure. In 1.0.2 and below this could be caused where the size of a buffer to be allocated is greater than INT_MAX. E.g. this could be in processing a very long "%s" format string. Memory leaks can also occur. These issues will only occur on certain platforms where sizeof(size_t) > sizeof(int). E.g. many 64 bit systems. The first issue may mask the second issue dependent on compiler behaviour. These problems could enable attacks where large amounts of untrusted data is passed to the BIO_*printf functions. If applications use these functions in this way then they could be vulnerable. OpenSSL itself uses these functions when printing out human-readable dumps of ASN.1 data. Therefore applications that print this data could be vulnerable if the data is from untrusted sources. OpenSSL command line applications could also be vulnerable where they print out ASN.1 data, or if untrusted data is passed as command line arguments. Libssl is not considered directly vulnerable. Additionally certificates etc received via remote connections via libssl are also unlikely to be able to trigger these issues because of message size limits enforced within libssl. CVE-2016-0799 Issue reported by Guido Vranken. Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-02-25 13:09:46 +00:00
if (min < 0 || padlen < 0)
different snprintf version.
2000-02-25 14:00:24 +00:00
padlen = 0;
Make sure max in fmtstr() doesn't overflow into negativity Reviewed-by: Matt Caswell <matt@openssl.org>
2016-05-30 03:41:57 +00:00
if (max >= 0) {
/*
* Calculate the maximum output including padding.
* Make sure max doesn't overflow into negativity
*/
if (max < INT_MAX - padlen)
max += padlen;
else
max = INT_MAX;
}
different snprintf version.
2000-02-25 14:00:24 +00:00
if (flags & DP_F_MINUS)
padlen = -padlen;
Fix fmtstr for BIO_printf() et al - If we have a maximum amount of characters permitted to be printed (for example "%.2s", which allows for a maximum of 2 chars), we minimize the number of characters from the string to printed to that size. - If there is space for padding and there is a maximum amount of characters to print (for example "%3.2s", which shall give at least a 1 space padding), the amount of characters to pad with gets added to the maximum so the minimum field size (3 in this example) gets filled out. Reviewed-by: Matt Caswell <matt@openssl.org>
2016-05-21 01:46:43 +00:00
while ((padlen > 0) && (max < 0 || cnt < max)) {
style : fix some if(... Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/4457)
2017-08-26 15:56:44 +00:00
if (!doapr_outch(sbuffer, buffer, currlen, maxlen, ' '))
Fix memory issues in BIO_*printf functions The internal |fmtstr| function used in processing a "%s" format string in the BIO_*printf functions could overflow while calculating the length of a string and cause an OOB read when printing very long strings. Additionally the internal |doapr_outch| function can attempt to write to an OOB memory location (at an offset from the NULL pointer) in the event of a memory allocation failure. In 1.0.2 and below this could be caused where the size of a buffer to be allocated is greater than INT_MAX. E.g. this could be in processing a very long "%s" format string. Memory leaks can also occur. These issues will only occur on certain platforms where sizeof(size_t) > sizeof(int). E.g. many 64 bit systems. The first issue may mask the second issue dependent on compiler behaviour. These problems could enable attacks where large amounts of untrusted data is passed to the BIO_*printf functions. If applications use these functions in this way then they could be vulnerable. OpenSSL itself uses these functions when printing out human-readable dumps of ASN.1 data. Therefore applications that print this data could be vulnerable if the data is from untrusted sources. OpenSSL command line applications could also be vulnerable where they print out ASN.1 data, or if untrusted data is passed as command line arguments. Libssl is not considered directly vulnerable. Additionally certificates etc received via remote connections via libssl are also unlikely to be able to trigger these issues because of message size limits enforced within libssl. CVE-2016-0799 Issue reported by Guido Vranken. Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-02-25 13:09:46 +00:00
return 0;
different snprintf version.
2000-02-25 14:00:24 +00:00
--padlen;
++cnt;
}
Fix fmtstr for BIO_printf() et al - If we have a maximum amount of characters permitted to be printed (for example "%.2s", which allows for a maximum of 2 chars), we minimize the number of characters from the string to printed to that size. - If there is space for padding and there is a maximum amount of characters to print (for example "%3.2s", which shall give at least a 1 space padding), the amount of characters to pad with gets added to the maximum so the minimum field size (3 in this example) gets filled out. Reviewed-by: Matt Caswell <matt@openssl.org>
2016-05-21 01:46:43 +00:00
while (strln > 0 && (max < 0 || cnt < max)) {
style : fix some if(... Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/4457)
2017-08-26 15:56:44 +00:00
if (!doapr_outch(sbuffer, buffer, currlen, maxlen, *value++))
Fix memory issues in BIO_*printf functions The internal |fmtstr| function used in processing a "%s" format string in the BIO_*printf functions could overflow while calculating the length of a string and cause an OOB read when printing very long strings. Additionally the internal |doapr_outch| function can attempt to write to an OOB memory location (at an offset from the NULL pointer) in the event of a memory allocation failure. In 1.0.2 and below this could be caused where the size of a buffer to be allocated is greater than INT_MAX. E.g. this could be in processing a very long "%s" format string. Memory leaks can also occur. These issues will only occur on certain platforms where sizeof(size_t) > sizeof(int). E.g. many 64 bit systems. The first issue may mask the second issue dependent on compiler behaviour. These problems could enable attacks where large amounts of untrusted data is passed to the BIO_*printf functions. If applications use these functions in this way then they could be vulnerable. OpenSSL itself uses these functions when printing out human-readable dumps of ASN.1 data. Therefore applications that print this data could be vulnerable if the data is from untrusted sources. OpenSSL command line applications could also be vulnerable where they print out ASN.1 data, or if untrusted data is passed as command line arguments. Libssl is not considered directly vulnerable. Additionally certificates etc received via remote connections via libssl are also unlikely to be able to trigger these issues because of message size limits enforced within libssl. CVE-2016-0799 Issue reported by Guido Vranken. Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-02-25 13:09:46 +00:00
return 0;
Fix fmtstr for BIO_printf() et al - If we have a maximum amount of characters permitted to be printed (for example "%.2s", which allows for a maximum of 2 chars), we minimize the number of characters from the string to printed to that size. - If there is space for padding and there is a maximum amount of characters to print (for example "%3.2s", which shall give at least a 1 space padding), the amount of characters to pad with gets added to the maximum so the minimum field size (3 in this example) gets filled out. Reviewed-by: Matt Caswell <matt@openssl.org>
2016-05-21 01:46:43 +00:00
--strln;
different snprintf version.
2000-02-25 14:00:24 +00:00
++cnt;
}
Fix fmtstr for BIO_printf() et al - If we have a maximum amount of characters permitted to be printed (for example "%.2s", which allows for a maximum of 2 chars), we minimize the number of characters from the string to printed to that size. - If there is space for padding and there is a maximum amount of characters to print (for example "%3.2s", which shall give at least a 1 space padding), the amount of characters to pad with gets added to the maximum so the minimum field size (3 in this example) gets filled out. Reviewed-by: Matt Caswell <matt@openssl.org>
2016-05-21 01:46:43 +00:00
while ((padlen < 0) && (max < 0 || cnt < max)) {
style : fix some if(... Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/4457)
2017-08-26 15:56:44 +00:00
if (!doapr_outch(sbuffer, buffer, currlen, maxlen, ' '))
Fix memory issues in BIO_*printf functions The internal |fmtstr| function used in processing a "%s" format string in the BIO_*printf functions could overflow while calculating the length of a string and cause an OOB read when printing very long strings. Additionally the internal |doapr_outch| function can attempt to write to an OOB memory location (at an offset from the NULL pointer) in the event of a memory allocation failure. In 1.0.2 and below this could be caused where the size of a buffer to be allocated is greater than INT_MAX. E.g. this could be in processing a very long "%s" format string. Memory leaks can also occur. These issues will only occur on certain platforms where sizeof(size_t) > sizeof(int). E.g. many 64 bit systems. The first issue may mask the second issue dependent on compiler behaviour. These problems could enable attacks where large amounts of untrusted data is passed to the BIO_*printf functions. If applications use these functions in this way then they could be vulnerable. OpenSSL itself uses these functions when printing out human-readable dumps of ASN.1 data. Therefore applications that print this data could be vulnerable if the data is from untrusted sources. OpenSSL command line applications could also be vulnerable where they print out ASN.1 data, or if untrusted data is passed as command line arguments. Libssl is not considered directly vulnerable. Additionally certificates etc received via remote connections via libssl are also unlikely to be able to trigger these issues because of message size limits enforced within libssl. CVE-2016-0799 Issue reported by Guido Vranken. Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-02-25 13:09:46 +00:00
return 0;
different snprintf version.
2000-02-25 14:00:24 +00:00
++padlen;
++cnt;
}
Fix memory issues in BIO_*printf functions The internal |fmtstr| function used in processing a "%s" format string in the BIO_*printf functions could overflow while calculating the length of a string and cause an OOB read when printing very long strings. Additionally the internal |doapr_outch| function can attempt to write to an OOB memory location (at an offset from the NULL pointer) in the event of a memory allocation failure. In 1.0.2 and below this could be caused where the size of a buffer to be allocated is greater than INT_MAX. E.g. this could be in processing a very long "%s" format string. Memory leaks can also occur. These issues will only occur on certain platforms where sizeof(size_t) > sizeof(int). E.g. many 64 bit systems. The first issue may mask the second issue dependent on compiler behaviour. These problems could enable attacks where large amounts of untrusted data is passed to the BIO_*printf functions. If applications use these functions in this way then they could be vulnerable. OpenSSL itself uses these functions when printing out human-readable dumps of ASN.1 data. Therefore applications that print this data could be vulnerable if the data is from untrusted sources. OpenSSL command line applications could also be vulnerable where they print out ASN.1 data, or if untrusted data is passed as command line arguments. Libssl is not considered directly vulnerable. Additionally certificates etc received via remote connections via libssl are also unlikely to be able to trigger these issues because of message size limits enforced within libssl. CVE-2016-0799 Issue reported by Guido Vranken. Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-02-25 13:09:46 +00:00
return 1;
Use public domain snprintf() implementation by Patrick Powell to avoid potential buffer overrun in BIO_printf(). ---------------------------------------------------------------------- crypto/bio/b_print.c CVS: ----------------------------------------------------------------------
2000-02-24 22:23:45 +00:00
}
Fix memory issues in BIO_*printf functions The internal |fmtstr| function used in processing a "%s" format string in the BIO_*printf functions could overflow while calculating the length of a string and cause an OOB read when printing very long strings. Additionally the internal |doapr_outch| function can attempt to write to an OOB memory location (at an offset from the NULL pointer) in the event of a memory allocation failure. In 1.0.2 and below this could be caused where the size of a buffer to be allocated is greater than INT_MAX. E.g. this could be in processing a very long "%s" format string. Memory leaks can also occur. These issues will only occur on certain platforms where sizeof(size_t) > sizeof(int). E.g. many 64 bit systems. The first issue may mask the second issue dependent on compiler behaviour. These problems could enable attacks where large amounts of untrusted data is passed to the BIO_*printf functions. If applications use these functions in this way then they could be vulnerable. OpenSSL itself uses these functions when printing out human-readable dumps of ASN.1 data. Therefore applications that print this data could be vulnerable if the data is from untrusted sources. OpenSSL command line applications could also be vulnerable where they print out ASN.1 data, or if untrusted data is passed as command line arguments. Libssl is not considered directly vulnerable. Additionally certificates etc received via remote connections via libssl are also unlikely to be able to trigger these issues because of message size limits enforced within libssl. CVE-2016-0799 Issue reported by Guido Vranken. Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-02-25 13:09:46 +00:00
static int
Run util/openssl-format-source -v -c . Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 03:40:55 +00:00
fmtint(char **sbuffer,
char **buffer,
size_t *currlen,
bio/b_print.c: switch to int64_t as "greatest-width integer type". Originally there was dependency on BN configuration parameters, but it stemmed from times when "long long" support was optional. Today we require 64-bit support from compiler, and there is no reason to have "greatest-width integer" depend on BN configuration. Reviewed-by: Richard Levitte <levitte@openssl.org>
2017-03-30 19:44:55 +00:00
size_t *maxlen, int64_t value, int base, int min, int max, int flags)
Use public domain snprintf() implementation by Patrick Powell to avoid potential buffer overrun in BIO_printf(). ---------------------------------------------------------------------- crypto/bio/b_print.c CVS: ----------------------------------------------------------------------
2000-02-24 22:23:45 +00:00
{
different snprintf version.
2000-02-25 14:00:24 +00:00
int signvalue = 0;
some const fixes and cleanup
2005-04-05 10:29:43 +00:00
const char *prefix = "";
bio/b_print.c: switch to int64_t as "greatest-width integer type". Originally there was dependency on BN configuration parameters, but it stemmed from times when "long long" support was optional. Today we require 64-bit support from compiler, and there is no reason to have "greatest-width integer" depend on BN configuration. Reviewed-by: Richard Levitte <levitte@openssl.org>
2017-03-30 19:44:55 +00:00
uint64_t uvalue;
Run util/openssl-format-source -v -c . Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 03:40:55 +00:00
char convert[DECIMAL_SIZE(value) + 3];
different snprintf version.
2000-02-25 14:00:24 +00:00
int place = 0;
int spadlen = 0;
int zpadlen = 0;
int caps = 0;
if (max < 0)
max = 0;
uvalue = value;
if (!(flags & DP_F_UNSIGNED)) {
if (value < 0) {
signvalue = '-';
bio/b_print.c: switch to int64_t as "greatest-width integer type". Originally there was dependency on BN configuration parameters, but it stemmed from times when "long long" support was optional. Today we require 64-bit support from compiler, and there is no reason to have "greatest-width integer" depend on BN configuration. Reviewed-by: Richard Levitte <levitte@openssl.org>
2017-03-30 19:44:55 +00:00
uvalue = 0 - (uint64_t)value;
different snprintf version.
2000-02-25 14:00:24 +00:00
} else if (flags & DP_F_PLUS)
signvalue = '+';
else if (flags & DP_F_SPACE)
signvalue = ' ';
Use public domain snprintf() implementation by Patrick Powell to avoid potential buffer overrun in BIO_printf(). ---------------------------------------------------------------------- crypto/bio/b_print.c CVS: ----------------------------------------------------------------------
2000-02-24 22:23:45 +00:00
}
Make %p and %# work properly, at least with pointers and floats.
2003-04-03 23:35:14 +00:00
if (flags & DP_F_NUM) {
Run util/openssl-format-source -v -c . Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 03:40:55 +00:00
if (base == 8)
prefix = "0";
if (base == 16)
prefix = "0x";
Make %p and %# work properly, at least with pointers and floats.
2003-04-03 23:35:14 +00:00
}
different snprintf version.
2000-02-25 14:00:24 +00:00
if (flags & DP_F_UP)
caps = 1;
do {
Run util/openssl-format-source -v -c . Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 03:40:55 +00:00
convert[place++] = (caps ? "0123456789ABCDEF" : "0123456789abcdef")
[uvalue % (unsigned)base];
uvalue = (uvalue / (unsigned)base);
Remove an unnecessary cast that causes certain compilers (eg. mine) some confusion. Also silence a couple of signed/unsigned warnings.
2003-10-29 05:00:57 +00:00
} while (uvalue && (place < (int)sizeof(convert)));
if (place == sizeof(convert))
different snprintf version.
2000-02-25 14:00:24 +00:00
place--;
convert[place] = 0;
zpadlen = max - place;
Run util/openssl-format-source -v -c . Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 03:40:55 +00:00
spadlen =
min - OSSL_MAX(max, place) - (signvalue ? 1 : 0) - strlen(prefix);
different snprintf version.
2000-02-25 14:00:24 +00:00
if (zpadlen < 0)
zpadlen = 0;
if (spadlen < 0)
spadlen = 0;
if (flags & DP_F_ZERO) {
On some operating systems, MAX is defined. Call ours OSSL_MAX instead
2000-10-22 12:44:12 +00:00
zpadlen = OSSL_MAX(zpadlen, spadlen);
different snprintf version.
2000-02-25 14:00:24 +00:00
spadlen = 0;
Use public domain snprintf() implementation by Patrick Powell to avoid potential buffer overrun in BIO_printf(). ---------------------------------------------------------------------- crypto/bio/b_print.c CVS: ----------------------------------------------------------------------
2000-02-24 22:23:45 +00:00
}
different snprintf version.
2000-02-25 14:00:24 +00:00
if (flags & DP_F_MINUS)
spadlen = -spadlen;
Use public domain snprintf() implementation by Patrick Powell to avoid potential buffer overrun in BIO_printf(). ---------------------------------------------------------------------- crypto/bio/b_print.c CVS: ----------------------------------------------------------------------
2000-02-24 22:23:45 +00:00
different snprintf version.
2000-02-25 14:00:24 +00:00
/* spaces */
while (spadlen > 0) {
style : fix some if(... Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/4457)
2017-08-26 15:56:44 +00:00
if (!doapr_outch(sbuffer, buffer, currlen, maxlen, ' '))
Fix memory issues in BIO_*printf functions The internal |fmtstr| function used in processing a "%s" format string in the BIO_*printf functions could overflow while calculating the length of a string and cause an OOB read when printing very long strings. Additionally the internal |doapr_outch| function can attempt to write to an OOB memory location (at an offset from the NULL pointer) in the event of a memory allocation failure. In 1.0.2 and below this could be caused where the size of a buffer to be allocated is greater than INT_MAX. E.g. this could be in processing a very long "%s" format string. Memory leaks can also occur. These issues will only occur on certain platforms where sizeof(size_t) > sizeof(int). E.g. many 64 bit systems. The first issue may mask the second issue dependent on compiler behaviour. These problems could enable attacks where large amounts of untrusted data is passed to the BIO_*printf functions. If applications use these functions in this way then they could be vulnerable. OpenSSL itself uses these functions when printing out human-readable dumps of ASN.1 data. Therefore applications that print this data could be vulnerable if the data is from untrusted sources. OpenSSL command line applications could also be vulnerable where they print out ASN.1 data, or if untrusted data is passed as command line arguments. Libssl is not considered directly vulnerable. Additionally certificates etc received via remote connections via libssl are also unlikely to be able to trigger these issues because of message size limits enforced within libssl. CVE-2016-0799 Issue reported by Guido Vranken. Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-02-25 13:09:46 +00:00
return 0;
different snprintf version.
2000-02-25 14:00:24 +00:00
--spadlen;
}
Use public domain snprintf() implementation by Patrick Powell to avoid potential buffer overrun in BIO_printf(). ---------------------------------------------------------------------- crypto/bio/b_print.c CVS: ----------------------------------------------------------------------
2000-02-24 22:23:45 +00:00
different snprintf version.
2000-02-25 14:00:24 +00:00
/* sign */
if (signvalue)
style : fix some if(... Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/4457)
2017-08-26 15:56:44 +00:00
if (!doapr_outch(sbuffer, buffer, currlen, maxlen, signvalue))
Fix memory issues in BIO_*printf functions The internal |fmtstr| function used in processing a "%s" format string in the BIO_*printf functions could overflow while calculating the length of a string and cause an OOB read when printing very long strings. Additionally the internal |doapr_outch| function can attempt to write to an OOB memory location (at an offset from the NULL pointer) in the event of a memory allocation failure. In 1.0.2 and below this could be caused where the size of a buffer to be allocated is greater than INT_MAX. E.g. this could be in processing a very long "%s" format string. Memory leaks can also occur. These issues will only occur on certain platforms where sizeof(size_t) > sizeof(int). E.g. many 64 bit systems. The first issue may mask the second issue dependent on compiler behaviour. These problems could enable attacks where large amounts of untrusted data is passed to the BIO_*printf functions. If applications use these functions in this way then they could be vulnerable. OpenSSL itself uses these functions when printing out human-readable dumps of ASN.1 data. Therefore applications that print this data could be vulnerable if the data is from untrusted sources. OpenSSL command line applications could also be vulnerable where they print out ASN.1 data, or if untrusted data is passed as command line arguments. Libssl is not considered directly vulnerable. Additionally certificates etc received via remote connections via libssl are also unlikely to be able to trigger these issues because of message size limits enforced within libssl. CVE-2016-0799 Issue reported by Guido Vranken. Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-02-25 13:09:46 +00:00
return 0;
Use public domain snprintf() implementation by Patrick Powell to avoid potential buffer overrun in BIO_printf(). ---------------------------------------------------------------------- crypto/bio/b_print.c CVS: ----------------------------------------------------------------------
2000-02-24 22:23:45 +00:00
Make %p and %# work properly, at least with pointers and floats.
2003-04-03 23:35:14 +00:00
/* prefix */
while (*prefix) {
style : fix some if(... Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/4457)
2017-08-26 15:56:44 +00:00
if (!doapr_outch(sbuffer, buffer, currlen, maxlen, *prefix))
Fix memory issues in BIO_*printf functions The internal |fmtstr| function used in processing a "%s" format string in the BIO_*printf functions could overflow while calculating the length of a string and cause an OOB read when printing very long strings. Additionally the internal |doapr_outch| function can attempt to write to an OOB memory location (at an offset from the NULL pointer) in the event of a memory allocation failure. In 1.0.2 and below this could be caused where the size of a buffer to be allocated is greater than INT_MAX. E.g. this could be in processing a very long "%s" format string. Memory leaks can also occur. These issues will only occur on certain platforms where sizeof(size_t) > sizeof(int). E.g. many 64 bit systems. The first issue may mask the second issue dependent on compiler behaviour. These problems could enable attacks where large amounts of untrusted data is passed to the BIO_*printf functions. If applications use these functions in this way then they could be vulnerable. OpenSSL itself uses these functions when printing out human-readable dumps of ASN.1 data. Therefore applications that print this data could be vulnerable if the data is from untrusted sources. OpenSSL command line applications could also be vulnerable where they print out ASN.1 data, or if untrusted data is passed as command line arguments. Libssl is not considered directly vulnerable. Additionally certificates etc received via remote connections via libssl are also unlikely to be able to trigger these issues because of message size limits enforced within libssl. CVE-2016-0799 Issue reported by Guido Vranken. Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-02-25 13:09:46 +00:00
return 0;
Run util/openssl-format-source -v -c . Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 03:40:55 +00:00
prefix++;
Make %p and %# work properly, at least with pointers and floats.
2003-04-03 23:35:14 +00:00
}
different snprintf version.
2000-02-25 14:00:24 +00:00
/* zeros */
if (zpadlen > 0) {
while (zpadlen > 0) {
style : fix some if(... Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/4457)
2017-08-26 15:56:44 +00:00
if (!doapr_outch(sbuffer, buffer, currlen, maxlen, '0'))
Fix memory issues in BIO_*printf functions The internal |fmtstr| function used in processing a "%s" format string in the BIO_*printf functions could overflow while calculating the length of a string and cause an OOB read when printing very long strings. Additionally the internal |doapr_outch| function can attempt to write to an OOB memory location (at an offset from the NULL pointer) in the event of a memory allocation failure. In 1.0.2 and below this could be caused where the size of a buffer to be allocated is greater than INT_MAX. E.g. this could be in processing a very long "%s" format string. Memory leaks can also occur. These issues will only occur on certain platforms where sizeof(size_t) > sizeof(int). E.g. many 64 bit systems. The first issue may mask the second issue dependent on compiler behaviour. These problems could enable attacks where large amounts of untrusted data is passed to the BIO_*printf functions. If applications use these functions in this way then they could be vulnerable. OpenSSL itself uses these functions when printing out human-readable dumps of ASN.1 data. Therefore applications that print this data could be vulnerable if the data is from untrusted sources. OpenSSL command line applications could also be vulnerable where they print out ASN.1 data, or if untrusted data is passed as command line arguments. Libssl is not considered directly vulnerable. Additionally certificates etc received via remote connections via libssl are also unlikely to be able to trigger these issues because of message size limits enforced within libssl. CVE-2016-0799 Issue reported by Guido Vranken. Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-02-25 13:09:46 +00:00
return 0;
different snprintf version.
2000-02-25 14:00:24 +00:00
--zpadlen;
}
}
/* digits */
Fix memory issues in BIO_*printf functions The internal |fmtstr| function used in processing a "%s" format string in the BIO_*printf functions could overflow while calculating the length of a string and cause an OOB read when printing very long strings. Additionally the internal |doapr_outch| function can attempt to write to an OOB memory location (at an offset from the NULL pointer) in the event of a memory allocation failure. In 1.0.2 and below this could be caused where the size of a buffer to be allocated is greater than INT_MAX. E.g. this could be in processing a very long "%s" format string. Memory leaks can also occur. These issues will only occur on certain platforms where sizeof(size_t) > sizeof(int). E.g. many 64 bit systems. The first issue may mask the second issue dependent on compiler behaviour. These problems could enable attacks where large amounts of untrusted data is passed to the BIO_*printf functions. If applications use these functions in this way then they could be vulnerable. OpenSSL itself uses these functions when printing out human-readable dumps of ASN.1 data. Therefore applications that print this data could be vulnerable if the data is from untrusted sources. OpenSSL command line applications could also be vulnerable where they print out ASN.1 data, or if untrusted data is passed as command line arguments. Libssl is not considered directly vulnerable. Additionally certificates etc received via remote connections via libssl are also unlikely to be able to trigger these issues because of message size limits enforced within libssl. CVE-2016-0799 Issue reported by Guido Vranken. Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-02-25 13:09:46 +00:00
while (place > 0) {
if (!doapr_outch(sbuffer, buffer, currlen, maxlen, convert[--place]))
return 0;
}
different snprintf version.
2000-02-25 14:00:24 +00:00
/* left justified spaces */
while (spadlen < 0) {
Fix memory issues in BIO_*printf functions The internal |fmtstr| function used in processing a "%s" format string in the BIO_*printf functions could overflow while calculating the length of a string and cause an OOB read when printing very long strings. Additionally the internal |doapr_outch| function can attempt to write to an OOB memory location (at an offset from the NULL pointer) in the event of a memory allocation failure. In 1.0.2 and below this could be caused where the size of a buffer to be allocated is greater than INT_MAX. E.g. this could be in processing a very long "%s" format string. Memory leaks can also occur. These issues will only occur on certain platforms where sizeof(size_t) > sizeof(int). E.g. many 64 bit systems. The first issue may mask the second issue dependent on compiler behaviour. These problems could enable attacks where large amounts of untrusted data is passed to the BIO_*printf functions. If applications use these functions in this way then they could be vulnerable. OpenSSL itself uses these functions when printing out human-readable dumps of ASN.1 data. Therefore applications that print this data could be vulnerable if the data is from untrusted sources. OpenSSL command line applications could also be vulnerable where they print out ASN.1 data, or if untrusted data is passed as command line arguments. Libssl is not considered directly vulnerable. Additionally certificates etc received via remote connections via libssl are also unlikely to be able to trigger these issues because of message size limits enforced within libssl. CVE-2016-0799 Issue reported by Guido Vranken. Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-02-25 13:09:46 +00:00
if (!doapr_outch(sbuffer, buffer, currlen, maxlen, ' '))
return 0;
different snprintf version.
2000-02-25 14:00:24 +00:00
++spadlen;
}
Fix memory issues in BIO_*printf functions The internal |fmtstr| function used in processing a "%s" format string in the BIO_*printf functions could overflow while calculating the length of a string and cause an OOB read when printing very long strings. Additionally the internal |doapr_outch| function can attempt to write to an OOB memory location (at an offset from the NULL pointer) in the event of a memory allocation failure. In 1.0.2 and below this could be caused where the size of a buffer to be allocated is greater than INT_MAX. E.g. this could be in processing a very long "%s" format string. Memory leaks can also occur. These issues will only occur on certain platforms where sizeof(size_t) > sizeof(int). E.g. many 64 bit systems. The first issue may mask the second issue dependent on compiler behaviour. These problems could enable attacks where large amounts of untrusted data is passed to the BIO_*printf functions. If applications use these functions in this way then they could be vulnerable. OpenSSL itself uses these functions when printing out human-readable dumps of ASN.1 data. Therefore applications that print this data could be vulnerable if the data is from untrusted sources. OpenSSL command line applications could also be vulnerable where they print out ASN.1 data, or if untrusted data is passed as command line arguments. Libssl is not considered directly vulnerable. Additionally certificates etc received via remote connections via libssl are also unlikely to be able to trigger these issues because of message size limits enforced within libssl. CVE-2016-0799 Issue reported by Guido Vranken. Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-02-25 13:09:46 +00:00
return 1;
Use public domain snprintf() implementation by Patrick Powell to avoid potential buffer overrun in BIO_printf(). ---------------------------------------------------------------------- crypto/bio/b_print.c CVS: ----------------------------------------------------------------------
2000-02-24 22:23:45 +00:00
}
Run util/openssl-format-source -v -c . Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 03:40:55 +00:00
static LDOUBLE abs_val(LDOUBLE value)
Use public domain snprintf() implementation by Patrick Powell to avoid potential buffer overrun in BIO_printf(). ---------------------------------------------------------------------- crypto/bio/b_print.c CVS: ----------------------------------------------------------------------
2000-02-24 22:23:45 +00:00
{
different snprintf version.
2000-02-25 14:00:24 +00:00
LDOUBLE result = value;
if (value < 0)
result = -value;
return result;
Use public domain snprintf() implementation by Patrick Powell to avoid potential buffer overrun in BIO_printf(). ---------------------------------------------------------------------- crypto/bio/b_print.c CVS: ----------------------------------------------------------------------
2000-02-24 22:23:45 +00:00
}
Run util/openssl-format-source -v -c . Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 03:40:55 +00:00
static LDOUBLE pow_10(int in_exp)
Use public domain snprintf() implementation by Patrick Powell to avoid potential buffer overrun in BIO_printf(). ---------------------------------------------------------------------- crypto/bio/b_print.c CVS: ----------------------------------------------------------------------
2000-02-24 22:23:45 +00:00
{
different snprintf version.
2000-02-25 14:00:24 +00:00
LDOUBLE result = 1;
Avoid some shadowed variable names. Submitted by: Nils Larsch
2003-11-04 00:51:32 +00:00
while (in_exp) {
different snprintf version.
2000-02-25 14:00:24 +00:00
result *= 10;
Avoid some shadowed variable names. Submitted by: Nils Larsch
2003-11-04 00:51:32 +00:00
in_exp--;
different snprintf version.
2000-02-25 14:00:24 +00:00
}
return result;
Use public domain snprintf() implementation by Patrick Powell to avoid potential buffer overrun in BIO_printf(). ---------------------------------------------------------------------- crypto/bio/b_print.c CVS: ----------------------------------------------------------------------
2000-02-24 22:23:45 +00:00
}
Run util/openssl-format-source -v -c . Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 03:40:55 +00:00
static long roundv(LDOUBLE value)
Use public domain snprintf() implementation by Patrick Powell to avoid potential buffer overrun in BIO_printf(). ---------------------------------------------------------------------- crypto/bio/b_print.c CVS: ----------------------------------------------------------------------
2000-02-24 22:23:45 +00:00
{
different snprintf version.
2000-02-25 14:00:24 +00:00
long intpart;
Run util/openssl-format-source -v -c . Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 03:40:55 +00:00
intpart = (long)value;
different snprintf version.
2000-02-25 14:00:24 +00:00
value = value - intpart;
if (value >= 0.5)
intpart++;
return intpart;
}
Use public domain snprintf() implementation by Patrick Powell to avoid potential buffer overrun in BIO_printf(). ---------------------------------------------------------------------- crypto/bio/b_print.c CVS: ----------------------------------------------------------------------
2000-02-24 22:23:45 +00:00
Fix memory issues in BIO_*printf functions The internal |fmtstr| function used in processing a "%s" format string in the BIO_*printf functions could overflow while calculating the length of a string and cause an OOB read when printing very long strings. Additionally the internal |doapr_outch| function can attempt to write to an OOB memory location (at an offset from the NULL pointer) in the event of a memory allocation failure. In 1.0.2 and below this could be caused where the size of a buffer to be allocated is greater than INT_MAX. E.g. this could be in processing a very long "%s" format string. Memory leaks can also occur. These issues will only occur on certain platforms where sizeof(size_t) > sizeof(int). E.g. many 64 bit systems. The first issue may mask the second issue dependent on compiler behaviour. These problems could enable attacks where large amounts of untrusted data is passed to the BIO_*printf functions. If applications use these functions in this way then they could be vulnerable. OpenSSL itself uses these functions when printing out human-readable dumps of ASN.1 data. Therefore applications that print this data could be vulnerable if the data is from untrusted sources. OpenSSL command line applications could also be vulnerable where they print out ASN.1 data, or if untrusted data is passed as command line arguments. Libssl is not considered directly vulnerable. Additionally certificates etc received via remote connections via libssl are also unlikely to be able to trigger these issues because of message size limits enforced within libssl. CVE-2016-0799 Issue reported by Guido Vranken. Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-02-25 13:09:46 +00:00
static int
Run util/openssl-format-source -v -c . Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 03:40:55 +00:00
fmtfp(char **sbuffer,
char **buffer,
size_t *currlen,
Fix implementation of "e" and "g" formats for printing floating points The previous commit which "fixed" the "e" and "g" floating point formats just printed them in the same way as "f". This is wrong. This commit provides the correct formatting. Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-05-25 14:33:15 +00:00
size_t *maxlen, LDOUBLE fvalue, int min, int max, int flags, int style)
different snprintf version.
2000-02-25 14:00:24 +00:00
{
int signvalue = 0;
LDOUBLE ufvalue;
Fix implementation of "e" and "g" formats for printing floating points The previous commit which "fixed" the "e" and "g" floating point formats just printed them in the same way as "f". This is wrong. This commit provides the correct formatting. Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-05-25 14:33:15 +00:00
LDOUBLE tmpvalue;
different snprintf version.
2000-02-25 14:00:24 +00:00
char iconvert[20];
char fconvert[20];
Fix implementation of "e" and "g" formats for printing floating points The previous commit which "fixed" the "e" and "g" floating point formats just printed them in the same way as "f". This is wrong. This commit provides the correct formatting. Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-05-25 14:33:15 +00:00
char econvert[20];
different snprintf version.
2000-02-25 14:00:24 +00:00
int iplace = 0;
int fplace = 0;
Fix implementation of "e" and "g" formats for printing floating points The previous commit which "fixed" the "e" and "g" floating point formats just printed them in the same way as "f". This is wrong. This commit provides the correct formatting. Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-05-25 14:33:15 +00:00
int eplace = 0;
different snprintf version.
2000-02-25 14:00:24 +00:00
int padlen = 0;
int zpadlen = 0;
Fix implementation of "e" and "g" formats for printing floating points The previous commit which "fixed" the "e" and "g" floating point formats just printed them in the same way as "f". This is wrong. This commit provides the correct formatting. Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-05-25 14:33:15 +00:00
long exp = 0;
Prevent an overflow when trying to print excessively big floats We convert the integer part of the float to a long. We should check it fits first. Issue reported by Guido Vranken. GitHub Issue #1102 Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-05-25 15:20:48 +00:00
unsigned long intpart;
unsigned long fracpart;
unsigned long max10;
Fix implementation of "e" and "g" formats for printing floating points The previous commit which "fixed" the "e" and "g" floating point formats just printed them in the same way as "f". This is wrong. This commit provides the correct formatting. Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-05-25 14:33:15 +00:00
int realstyle;
different snprintf version.
2000-02-25 14:00:24 +00:00
if (max < 0)
max = 6;
Fix implementation of "e" and "g" formats for printing floating points The previous commit which "fixed" the "e" and "g" floating point formats just printed them in the same way as "f". This is wrong. This commit provides the correct formatting. Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-05-25 14:33:15 +00:00
different snprintf version.
2000-02-25 14:00:24 +00:00
if (fvalue < 0)
signvalue = '-';
else if (flags & DP_F_PLUS)
signvalue = '+';
else if (flags & DP_F_SPACE)
signvalue = ' ';
Fix implementation of "e" and "g" formats for printing floating points The previous commit which "fixed" the "e" and "g" floating point formats just printed them in the same way as "f". This is wrong. This commit provides the correct formatting. Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-05-25 14:33:15 +00:00
/*
* G_FORMAT sometimes prints like E_FORMAT and sometimes like F_FORMAT
* depending on the number to be printed. Work out which one it is and use
* that from here on.
*/
if (style == G_FORMAT) {
if (fvalue == 0.0) {
realstyle = F_FORMAT;
} else if (fvalue < 0.0001) {
realstyle = E_FORMAT;
} else if ((max == 0 && fvalue >= 10)
|| (max > 0 && fvalue >= pow_10(max))) {
realstyle = E_FORMAT;
} else {
realstyle = F_FORMAT;
}
} else {
realstyle = style;
}
if (style != F_FORMAT) {
tmpvalue = fvalue;
/* Calculate the exponent */
if (fvalue != 0.0) {
while (tmpvalue < 1) {
tmpvalue *= 10;
exp--;
}
while (tmpvalue > 10) {
tmpvalue /= 10;
exp++;
}
}
if (style == G_FORMAT) {
/*
* In G_FORMAT the "precision" represents significant digits. We
* always have at least 1 significant digit.
*/
if (max == 0)
max = 1;
/* Now convert significant digits to decimal places */
if (realstyle == F_FORMAT) {
max -= (exp + 1);
if (max < 0) {
/*
* Should not happen. If we're in F_FORMAT then exp < max?
*/
return 0;
}
} else {
/*
* In E_FORMAT there is always one significant digit in front
* of the decimal point, so:
* significant digits == 1 + decimal places
*/
max--;
}
}
if (realstyle == E_FORMAT)
fvalue = tmpvalue;
}
ufvalue = abs_val(fvalue);
Prevent an overflow when trying to print excessively big floats We convert the integer part of the float to a long. We should check it fits first. Issue reported by Guido Vranken. GitHub Issue #1102 Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-05-25 15:20:48 +00:00
if (ufvalue > ULONG_MAX) {
/* Number too big */
return 0;
}
intpart = (unsigned long)ufvalue;
different snprintf version.
2000-02-25 14:00:24 +00:00
Run util/openssl-format-source -v -c . Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 03:40:55 +00:00
/*
* sorry, we only support 9 digits past the decimal because of our
* conversion method
*/
different snprintf version.
2000-02-25 14:00:24 +00:00
if (max > 9)
max = 9;
Run util/openssl-format-source -v -c . Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 03:40:55 +00:00
/*
* we "cheat" by converting the fractional part to integer by multiplying
* by a factor of 10
*/
fix compiler warning; pow10 is also in math.h
2005-05-05 20:57:37 +00:00
max10 = roundv(pow_10(max));
fracpart = roundv(pow_10(max) * (ufvalue - intpart));
different snprintf version.
2000-02-25 14:00:24 +00:00
Protect against gcc's "warning: cast does not match function type".
2004-03-25 02:19:42 +00:00
if (fracpart >= max10) {
different snprintf version.
2000-02-25 14:00:24 +00:00
intpart++;
Protect against gcc's "warning: cast does not match function type".
2004-03-25 02:19:42 +00:00
fracpart -= max10;
different snprintf version.
2000-02-25 14:00:24 +00:00
}
Use public domain snprintf() implementation by Patrick Powell to avoid potential buffer overrun in BIO_printf(). ---------------------------------------------------------------------- crypto/bio/b_print.c CVS: ----------------------------------------------------------------------
2000-02-24 22:23:45 +00:00
different snprintf version.
2000-02-25 14:00:24 +00:00
/* convert integer part */
do {
Remove dead code from crypto Some miscellaneous removal of dead code from lib crypto. Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-03-12 14:08:21 +00:00
iconvert[iplace++] = "0123456789"[intpart % 10];
different snprintf version.
2000-02-25 14:00:24 +00:00
intpart = (intpart / 10);
To figure out if we're going outside the buffer, use the size of the buffer, not the size of the integer used to index in said buffer. PR: 794 Notified by: Rhett Garber <rhett_garber@hp.com>
2003-12-11 18:01:03 +00:00
} while (intpart && (iplace < (int)sizeof(iconvert)));
Consistent formatting for sizeof(foo) Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4872)
2017-12-07 18:39:34 +00:00
if (iplace == sizeof(iconvert))
different snprintf version.
2000-02-25 14:00:24 +00:00
iplace--;
iconvert[iplace] = 0;
/* convert fractional part */
Fix implementation of "e" and "g" formats for printing floating points The previous commit which "fixed" the "e" and "g" floating point formats just printed them in the same way as "f". This is wrong. This commit provides the correct formatting. Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-05-25 14:33:15 +00:00
while (fplace < max) {
if (style == G_FORMAT && fplace == 0 && (fracpart % 10) == 0) {
/* We strip trailing zeros in G_FORMAT */
max--;
fracpart = fracpart / 10;
if (fplace < max)
continue;
break;
}
Remove dead code from crypto Some miscellaneous removal of dead code from lib crypto. Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-03-12 14:08:21 +00:00
fconvert[fplace++] = "0123456789"[fracpart % 10];
different snprintf version.
2000-02-25 14:00:24 +00:00
fracpart = (fracpart / 10);
Fix implementation of "e" and "g" formats for printing floating points The previous commit which "fixed" the "e" and "g" floating point formats just printed them in the same way as "f". This is wrong. This commit provides the correct formatting. Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-05-25 14:33:15 +00:00
}
Consistent formatting for sizeof(foo) Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4872)
2017-12-07 18:39:34 +00:00
if (fplace == sizeof(fconvert))
different snprintf version.
2000-02-25 14:00:24 +00:00
fplace--;
fconvert[fplace] = 0;
Fix implementation of "e" and "g" formats for printing floating points The previous commit which "fixed" the "e" and "g" floating point formats just printed them in the same way as "f". This is wrong. This commit provides the correct formatting. Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-05-25 14:33:15 +00:00
/* convert exponent part */
if (realstyle == E_FORMAT) {
int tmpexp;
if (exp < 0)
tmpexp = -exp;
else
tmpexp = exp;
do {
econvert[eplace++] = "0123456789"[tmpexp % 10];
tmpexp = (tmpexp / 10);
} while (tmpexp > 0 && eplace < (int)sizeof(econvert));
/* Exponent is huge!! Too big to print */
if (tmpexp > 0)
return 0;
/* Add a leading 0 for single digit exponents */
if (eplace == 1)
econvert[eplace++] = '0';
}
/*
* -1 for decimal point (if we have one, i.e. max > 0),
* another -1 if we are printing a sign
*/
padlen = min - iplace - max - (max > 0 ? 1 : 0) - ((signvalue) ? 1 : 0);
/* Take some off for exponent prefix "+e" and exponent */
if (realstyle == E_FORMAT)
padlen -= 2 + eplace;
different snprintf version.
2000-02-25 14:00:24 +00:00
zpadlen = max - fplace;
if (zpadlen < 0)
zpadlen = 0;
if (padlen < 0)
padlen = 0;
if (flags & DP_F_MINUS)
padlen = -padlen;
if ((flags & DP_F_ZERO) && (padlen > 0)) {
if (signvalue) {
Fix memory issues in BIO_*printf functions The internal |fmtstr| function used in processing a "%s" format string in the BIO_*printf functions could overflow while calculating the length of a string and cause an OOB read when printing very long strings. Additionally the internal |doapr_outch| function can attempt to write to an OOB memory location (at an offset from the NULL pointer) in the event of a memory allocation failure. In 1.0.2 and below this could be caused where the size of a buffer to be allocated is greater than INT_MAX. E.g. this could be in processing a very long "%s" format string. Memory leaks can also occur. These issues will only occur on certain platforms where sizeof(size_t) > sizeof(int). E.g. many 64 bit systems. The first issue may mask the second issue dependent on compiler behaviour. These problems could enable attacks where large amounts of untrusted data is passed to the BIO_*printf functions. If applications use these functions in this way then they could be vulnerable. OpenSSL itself uses these functions when printing out human-readable dumps of ASN.1 data. Therefore applications that print this data could be vulnerable if the data is from untrusted sources. OpenSSL command line applications could also be vulnerable where they print out ASN.1 data, or if untrusted data is passed as command line arguments. Libssl is not considered directly vulnerable. Additionally certificates etc received via remote connections via libssl are also unlikely to be able to trigger these issues because of message size limits enforced within libssl. CVE-2016-0799 Issue reported by Guido Vranken. Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-02-25 13:09:46 +00:00
if (!doapr_outch(sbuffer, buffer, currlen, maxlen, signvalue))
return 0;
different snprintf version.
2000-02-25 14:00:24 +00:00
--padlen;
signvalue = 0;
}
while (padlen > 0) {
Fix memory issues in BIO_*printf functions The internal |fmtstr| function used in processing a "%s" format string in the BIO_*printf functions could overflow while calculating the length of a string and cause an OOB read when printing very long strings. Additionally the internal |doapr_outch| function can attempt to write to an OOB memory location (at an offset from the NULL pointer) in the event of a memory allocation failure. In 1.0.2 and below this could be caused where the size of a buffer to be allocated is greater than INT_MAX. E.g. this could be in processing a very long "%s" format string. Memory leaks can also occur. These issues will only occur on certain platforms where sizeof(size_t) > sizeof(int). E.g. many 64 bit systems. The first issue may mask the second issue dependent on compiler behaviour. These problems could enable attacks where large amounts of untrusted data is passed to the BIO_*printf functions. If applications use these functions in this way then they could be vulnerable. OpenSSL itself uses these functions when printing out human-readable dumps of ASN.1 data. Therefore applications that print this data could be vulnerable if the data is from untrusted sources. OpenSSL command line applications could also be vulnerable where they print out ASN.1 data, or if untrusted data is passed as command line arguments. Libssl is not considered directly vulnerable. Additionally certificates etc received via remote connections via libssl are also unlikely to be able to trigger these issues because of message size limits enforced within libssl. CVE-2016-0799 Issue reported by Guido Vranken. Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-02-25 13:09:46 +00:00
if (!doapr_outch(sbuffer, buffer, currlen, maxlen, '0'))
return 0;
different snprintf version.
2000-02-25 14:00:24 +00:00
--padlen;
}
}
while (padlen > 0) {
Fix memory issues in BIO_*printf functions The internal |fmtstr| function used in processing a "%s" format string in the BIO_*printf functions could overflow while calculating the length of a string and cause an OOB read when printing very long strings. Additionally the internal |doapr_outch| function can attempt to write to an OOB memory location (at an offset from the NULL pointer) in the event of a memory allocation failure. In 1.0.2 and below this could be caused where the size of a buffer to be allocated is greater than INT_MAX. E.g. this could be in processing a very long "%s" format string. Memory leaks can also occur. These issues will only occur on certain platforms where sizeof(size_t) > sizeof(int). E.g. many 64 bit systems. The first issue may mask the second issue dependent on compiler behaviour. These problems could enable attacks where large amounts of untrusted data is passed to the BIO_*printf functions. If applications use these functions in this way then they could be vulnerable. OpenSSL itself uses these functions when printing out human-readable dumps of ASN.1 data. Therefore applications that print this data could be vulnerable if the data is from untrusted sources. OpenSSL command line applications could also be vulnerable where they print out ASN.1 data, or if untrusted data is passed as command line arguments. Libssl is not considered directly vulnerable. Additionally certificates etc received via remote connections via libssl are also unlikely to be able to trigger these issues because of message size limits enforced within libssl. CVE-2016-0799 Issue reported by Guido Vranken. Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-02-25 13:09:46 +00:00
if (!doapr_outch(sbuffer, buffer, currlen, maxlen, ' '))
return 0;
different snprintf version.
2000-02-25 14:00:24 +00:00
--padlen;
}
Fix memory issues in BIO_*printf functions The internal |fmtstr| function used in processing a "%s" format string in the BIO_*printf functions could overflow while calculating the length of a string and cause an OOB read when printing very long strings. Additionally the internal |doapr_outch| function can attempt to write to an OOB memory location (at an offset from the NULL pointer) in the event of a memory allocation failure. In 1.0.2 and below this could be caused where the size of a buffer to be allocated is greater than INT_MAX. E.g. this could be in processing a very long "%s" format string. Memory leaks can also occur. These issues will only occur on certain platforms where sizeof(size_t) > sizeof(int). E.g. many 64 bit systems. The first issue may mask the second issue dependent on compiler behaviour. These problems could enable attacks where large amounts of untrusted data is passed to the BIO_*printf functions. If applications use these functions in this way then they could be vulnerable. OpenSSL itself uses these functions when printing out human-readable dumps of ASN.1 data. Therefore applications that print this data could be vulnerable if the data is from untrusted sources. OpenSSL command line applications could also be vulnerable where they print out ASN.1 data, or if untrusted data is passed as command line arguments. Libssl is not considered directly vulnerable. Additionally certificates etc received via remote connections via libssl are also unlikely to be able to trigger these issues because of message size limits enforced within libssl. CVE-2016-0799 Issue reported by Guido Vranken. Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-02-25 13:09:46 +00:00
if (signvalue && !doapr_outch(sbuffer, buffer, currlen, maxlen, signvalue))
return 0;
Use public domain snprintf() implementation by Patrick Powell to avoid potential buffer overrun in BIO_printf(). ---------------------------------------------------------------------- crypto/bio/b_print.c CVS: ----------------------------------------------------------------------
2000-02-24 22:23:45 +00:00
Fix memory issues in BIO_*printf functions The internal |fmtstr| function used in processing a "%s" format string in the BIO_*printf functions could overflow while calculating the length of a string and cause an OOB read when printing very long strings. Additionally the internal |doapr_outch| function can attempt to write to an OOB memory location (at an offset from the NULL pointer) in the event of a memory allocation failure. In 1.0.2 and below this could be caused where the size of a buffer to be allocated is greater than INT_MAX. E.g. this could be in processing a very long "%s" format string. Memory leaks can also occur. These issues will only occur on certain platforms where sizeof(size_t) > sizeof(int). E.g. many 64 bit systems. The first issue may mask the second issue dependent on compiler behaviour. These problems could enable attacks where large amounts of untrusted data is passed to the BIO_*printf functions. If applications use these functions in this way then they could be vulnerable. OpenSSL itself uses these functions when printing out human-readable dumps of ASN.1 data. Therefore applications that print this data could be vulnerable if the data is from untrusted sources. OpenSSL command line applications could also be vulnerable where they print out ASN.1 data, or if untrusted data is passed as command line arguments. Libssl is not considered directly vulnerable. Additionally certificates etc received via remote connections via libssl are also unlikely to be able to trigger these issues because of message size limits enforced within libssl. CVE-2016-0799 Issue reported by Guido Vranken. Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-02-25 13:09:46 +00:00
while (iplace > 0) {
if (!doapr_outch(sbuffer, buffer, currlen, maxlen, iconvert[--iplace]))
return 0;
}
Use public domain snprintf() implementation by Patrick Powell to avoid potential buffer overrun in BIO_printf(). ---------------------------------------------------------------------- crypto/bio/b_print.c CVS: ----------------------------------------------------------------------
2000-02-24 22:23:45 +00:00
different snprintf version.
2000-02-25 14:00:24 +00:00
/*
* Decimal point. This should probably use locale to find the correct
* char to print out.
*/
Make %p and %# work properly, at least with pointers and floats.
2003-04-03 23:35:14 +00:00
if (max > 0 || (flags & DP_F_NUM)) {
Fix memory issues in BIO_*printf functions The internal |fmtstr| function used in processing a "%s" format string in the BIO_*printf functions could overflow while calculating the length of a string and cause an OOB read when printing very long strings. Additionally the internal |doapr_outch| function can attempt to write to an OOB memory location (at an offset from the NULL pointer) in the event of a memory allocation failure. In 1.0.2 and below this could be caused where the size of a buffer to be allocated is greater than INT_MAX. E.g. this could be in processing a very long "%s" format string. Memory leaks can also occur. These issues will only occur on certain platforms where sizeof(size_t) > sizeof(int). E.g. many 64 bit systems. The first issue may mask the second issue dependent on compiler behaviour. These problems could enable attacks where large amounts of untrusted data is passed to the BIO_*printf functions. If applications use these functions in this way then they could be vulnerable. OpenSSL itself uses these functions when printing out human-readable dumps of ASN.1 data. Therefore applications that print this data could be vulnerable if the data is from untrusted sources. OpenSSL command line applications could also be vulnerable where they print out ASN.1 data, or if untrusted data is passed as command line arguments. Libssl is not considered directly vulnerable. Additionally certificates etc received via remote connections via libssl are also unlikely to be able to trigger these issues because of message size limits enforced within libssl. CVE-2016-0799 Issue reported by Guido Vranken. Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-02-25 13:09:46 +00:00
if (!doapr_outch(sbuffer, buffer, currlen, maxlen, '.'))
return 0;
Use public domain snprintf() implementation by Patrick Powell to avoid potential buffer overrun in BIO_printf(). ---------------------------------------------------------------------- crypto/bio/b_print.c CVS: ----------------------------------------------------------------------
2000-02-24 22:23:45 +00:00
Fix memory issues in BIO_*printf functions The internal |fmtstr| function used in processing a "%s" format string in the BIO_*printf functions could overflow while calculating the length of a string and cause an OOB read when printing very long strings. Additionally the internal |doapr_outch| function can attempt to write to an OOB memory location (at an offset from the NULL pointer) in the event of a memory allocation failure. In 1.0.2 and below this could be caused where the size of a buffer to be allocated is greater than INT_MAX. E.g. this could be in processing a very long "%s" format string. Memory leaks can also occur. These issues will only occur on certain platforms where sizeof(size_t) > sizeof(int). E.g. many 64 bit systems. The first issue may mask the second issue dependent on compiler behaviour. These problems could enable attacks where large amounts of untrusted data is passed to the BIO_*printf functions. If applications use these functions in this way then they could be vulnerable. OpenSSL itself uses these functions when printing out human-readable dumps of ASN.1 data. Therefore applications that print this data could be vulnerable if the data is from untrusted sources. OpenSSL command line applications could also be vulnerable where they print out ASN.1 data, or if untrusted data is passed as command line arguments. Libssl is not considered directly vulnerable. Additionally certificates etc received via remote connections via libssl are also unlikely to be able to trigger these issues because of message size limits enforced within libssl. CVE-2016-0799 Issue reported by Guido Vranken. Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-02-25 13:09:46 +00:00
while (fplace > 0) {
style : fix some if(... Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/4457)
2017-08-26 15:56:44 +00:00
if (!doapr_outch(sbuffer, buffer, currlen, maxlen,
fconvert[--fplace]))
Fix memory issues in BIO_*printf functions The internal |fmtstr| function used in processing a "%s" format string in the BIO_*printf functions could overflow while calculating the length of a string and cause an OOB read when printing very long strings. Additionally the internal |doapr_outch| function can attempt to write to an OOB memory location (at an offset from the NULL pointer) in the event of a memory allocation failure. In 1.0.2 and below this could be caused where the size of a buffer to be allocated is greater than INT_MAX. E.g. this could be in processing a very long "%s" format string. Memory leaks can also occur. These issues will only occur on certain platforms where sizeof(size_t) > sizeof(int). E.g. many 64 bit systems. The first issue may mask the second issue dependent on compiler behaviour. These problems could enable attacks where large amounts of untrusted data is passed to the BIO_*printf functions. If applications use these functions in this way then they could be vulnerable. OpenSSL itself uses these functions when printing out human-readable dumps of ASN.1 data. Therefore applications that print this data could be vulnerable if the data is from untrusted sources. OpenSSL command line applications could also be vulnerable where they print out ASN.1 data, or if untrusted data is passed as command line arguments. Libssl is not considered directly vulnerable. Additionally certificates etc received via remote connections via libssl are also unlikely to be able to trigger these issues because of message size limits enforced within libssl. CVE-2016-0799 Issue reported by Guido Vranken. Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-02-25 13:09:46 +00:00
return 0;
}
different snprintf version.
2000-02-25 14:00:24 +00:00
}
while (zpadlen > 0) {
Fix memory issues in BIO_*printf functions The internal |fmtstr| function used in processing a "%s" format string in the BIO_*printf functions could overflow while calculating the length of a string and cause an OOB read when printing very long strings. Additionally the internal |doapr_outch| function can attempt to write to an OOB memory location (at an offset from the NULL pointer) in the event of a memory allocation failure. In 1.0.2 and below this could be caused where the size of a buffer to be allocated is greater than INT_MAX. E.g. this could be in processing a very long "%s" format string. Memory leaks can also occur. These issues will only occur on certain platforms where sizeof(size_t) > sizeof(int). E.g. many 64 bit systems. The first issue may mask the second issue dependent on compiler behaviour. These problems could enable attacks where large amounts of untrusted data is passed to the BIO_*printf functions. If applications use these functions in this way then they could be vulnerable. OpenSSL itself uses these functions when printing out human-readable dumps of ASN.1 data. Therefore applications that print this data could be vulnerable if the data is from untrusted sources. OpenSSL command line applications could also be vulnerable where they print out ASN.1 data, or if untrusted data is passed as command line arguments. Libssl is not considered directly vulnerable. Additionally certificates etc received via remote connections via libssl are also unlikely to be able to trigger these issues because of message size limits enforced within libssl. CVE-2016-0799 Issue reported by Guido Vranken. Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-02-25 13:09:46 +00:00
if (!doapr_outch(sbuffer, buffer, currlen, maxlen, '0'))
return 0;
different snprintf version.
2000-02-25 14:00:24 +00:00
--zpadlen;
Use public domain snprintf() implementation by Patrick Powell to avoid potential buffer overrun in BIO_printf(). ---------------------------------------------------------------------- crypto/bio/b_print.c CVS: ----------------------------------------------------------------------
2000-02-24 22:23:45 +00:00
}
Fix implementation of "e" and "g" formats for printing floating points The previous commit which "fixed" the "e" and "g" floating point formats just printed them in the same way as "f". This is wrong. This commit provides the correct formatting. Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-05-25 14:33:15 +00:00
if (realstyle == E_FORMAT) {
char ech;
if ((flags & DP_F_UP) == 0)
ech = 'e';
else
ech = 'E';
if (!doapr_outch(sbuffer, buffer, currlen, maxlen, ech))
return 0;
if (exp < 0) {
if (!doapr_outch(sbuffer, buffer, currlen, maxlen, '-'))
return 0;
} else {
if (!doapr_outch(sbuffer, buffer, currlen, maxlen, '+'))
return 0;
}
while (eplace > 0) {
if (!doapr_outch(sbuffer, buffer, currlen, maxlen,
econvert[--eplace]))
return 0;
}
}
different snprintf version.
2000-02-25 14:00:24 +00:00
while (padlen < 0) {
Fix memory issues in BIO_*printf functions The internal |fmtstr| function used in processing a "%s" format string in the BIO_*printf functions could overflow while calculating the length of a string and cause an OOB read when printing very long strings. Additionally the internal |doapr_outch| function can attempt to write to an OOB memory location (at an offset from the NULL pointer) in the event of a memory allocation failure. In 1.0.2 and below this could be caused where the size of a buffer to be allocated is greater than INT_MAX. E.g. this could be in processing a very long "%s" format string. Memory leaks can also occur. These issues will only occur on certain platforms where sizeof(size_t) > sizeof(int). E.g. many 64 bit systems. The first issue may mask the second issue dependent on compiler behaviour. These problems could enable attacks where large amounts of untrusted data is passed to the BIO_*printf functions. If applications use these functions in this way then they could be vulnerable. OpenSSL itself uses these functions when printing out human-readable dumps of ASN.1 data. Therefore applications that print this data could be vulnerable if the data is from untrusted sources. OpenSSL command line applications could also be vulnerable where they print out ASN.1 data, or if untrusted data is passed as command line arguments. Libssl is not considered directly vulnerable. Additionally certificates etc received via remote connections via libssl are also unlikely to be able to trigger these issues because of message size limits enforced within libssl. CVE-2016-0799 Issue reported by Guido Vranken. Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-02-25 13:09:46 +00:00
if (!doapr_outch(sbuffer, buffer, currlen, maxlen, ' '))
return 0;
different snprintf version.
2000-02-25 14:00:24 +00:00
++padlen;
Use public domain snprintf() implementation by Patrick Powell to avoid potential buffer overrun in BIO_printf(). ---------------------------------------------------------------------- crypto/bio/b_print.c CVS: ----------------------------------------------------------------------
2000-02-24 22:23:45 +00:00
}
Fix memory issues in BIO_*printf functions The internal |fmtstr| function used in processing a "%s" format string in the BIO_*printf functions could overflow while calculating the length of a string and cause an OOB read when printing very long strings. Additionally the internal |doapr_outch| function can attempt to write to an OOB memory location (at an offset from the NULL pointer) in the event of a memory allocation failure. In 1.0.2 and below this could be caused where the size of a buffer to be allocated is greater than INT_MAX. E.g. this could be in processing a very long "%s" format string. Memory leaks can also occur. These issues will only occur on certain platforms where sizeof(size_t) > sizeof(int). E.g. many 64 bit systems. The first issue may mask the second issue dependent on compiler behaviour. These problems could enable attacks where large amounts of untrusted data is passed to the BIO_*printf functions. If applications use these functions in this way then they could be vulnerable. OpenSSL itself uses these functions when printing out human-readable dumps of ASN.1 data. Therefore applications that print this data could be vulnerable if the data is from untrusted sources. OpenSSL command line applications could also be vulnerable where they print out ASN.1 data, or if untrusted data is passed as command line arguments. Libssl is not considered directly vulnerable. Additionally certificates etc received via remote connections via libssl are also unlikely to be able to trigger these issues because of message size limits enforced within libssl. CVE-2016-0799 Issue reported by Guido Vranken. Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-02-25 13:09:46 +00:00
return 1;
Use public domain snprintf() implementation by Patrick Powell to avoid potential buffer overrun in BIO_printf(). ---------------------------------------------------------------------- crypto/bio/b_print.c CVS: ----------------------------------------------------------------------
2000-02-24 22:23:45 +00:00
}
Fix memory issues in BIO_*printf functions The internal |fmtstr| function used in processing a "%s" format string in the BIO_*printf functions could overflow while calculating the length of a string and cause an OOB read when printing very long strings. Additionally the internal |doapr_outch| function can attempt to write to an OOB memory location (at an offset from the NULL pointer) in the event of a memory allocation failure. In 1.0.2 and below this could be caused where the size of a buffer to be allocated is greater than INT_MAX. E.g. this could be in processing a very long "%s" format string. Memory leaks can also occur. These issues will only occur on certain platforms where sizeof(size_t) > sizeof(int). E.g. many 64 bit systems. The first issue may mask the second issue dependent on compiler behaviour. These problems could enable attacks where large amounts of untrusted data is passed to the BIO_*printf functions. If applications use these functions in this way then they could be vulnerable. OpenSSL itself uses these functions when printing out human-readable dumps of ASN.1 data. Therefore applications that print this data could be vulnerable if the data is from untrusted sources. OpenSSL command line applications could also be vulnerable where they print out ASN.1 data, or if untrusted data is passed as command line arguments. Libssl is not considered directly vulnerable. Additionally certificates etc received via remote connections via libssl are also unlikely to be able to trigger these issues because of message size limits enforced within libssl. CVE-2016-0799 Issue reported by Guido Vranken. Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-02-25 13:09:46 +00:00
#define BUFFER_INC 1024
static int
Run util/openssl-format-source -v -c . Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 03:40:55 +00:00
doapr_outch(char **sbuffer,
char **buffer, size_t *currlen, size_t *maxlen, int c)
Use public domain snprintf() implementation by Patrick Powell to avoid potential buffer overrun in BIO_printf(). ---------------------------------------------------------------------- crypto/bio/b_print.c CVS: ----------------------------------------------------------------------
2000-02-24 22:23:45 +00:00
{
More updates following review feedback Reviewed-by: Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3740)
2017-08-02 14:29:31 +00:00
/* If we haven't at least one buffer, someone has done a big booboo */
Remove OPENSSL_assert() from various crypto/bio files bss_dgram.c is deferred until later due to ongoing discussions. Reviewed-by: Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3740)
2017-06-21 14:52:11 +00:00
if (!ossl_assert(*sbuffer != NULL || buffer != NULL))
return 0;
Change the printing mahine used by BIO_printf() and friends so it can handle an externally provided "static" buffer as well a a dynamic buffer. The "static" buffer is filled first, but if overflowed, the dynamic buffer is used instead, being allocated somewhere i the heap. This combines the benefits of putting the output in a preallocated buffer (on the stack, for example) and in a buffer that grows somewhere in the heap.
2000-09-07 05:50:14 +00:00
Clarify logic in BIO_*printf functions The static function dynamically allocates an output buffer if the output grows larger than the static buffer that is normally used. The original logic implied that |currlen| could be greater than |maxlen| which is incorrect (and if so would cause a buffer overrun). Also the original logic would call OPENSSL_malloc to create a dynamic buffer equal to the size of the static buffer, and then immediately call OPENSSL_realloc to make it bigger, rather than just creating a buffer than was big enough in the first place. Thanks to Kevin Wojtysiak (Int3 Solutions) and Paramjot Oberoi (Int3 Solutions) for reporting this issue. Reviewed-by: Andy Polyakov <appro@openssl.org>
2015-04-27 14:41:03 +00:00
/* |currlen| must always be <= |*maxlen| */
Remove OPENSSL_assert() from various crypto/bio files bss_dgram.c is deferred until later due to ongoing discussions. Reviewed-by: Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3740)
2017-06-21 14:52:11 +00:00
if (!ossl_assert(*currlen <= *maxlen))
return 0;
Clarify logic in BIO_*printf functions The static function dynamically allocates an output buffer if the output grows larger than the static buffer that is normally used. The original logic implied that |currlen| could be greater than |maxlen| which is incorrect (and if so would cause a buffer overrun). Also the original logic would call OPENSSL_malloc to create a dynamic buffer equal to the size of the static buffer, and then immediately call OPENSSL_realloc to make it bigger, rather than just creating a buffer than was big enough in the first place. Thanks to Kevin Wojtysiak (Int3 Solutions) and Paramjot Oberoi (Int3 Solutions) for reporting this issue. Reviewed-by: Andy Polyakov <appro@openssl.org>
2015-04-27 14:41:03 +00:00
if (buffer && *currlen == *maxlen) {
Fix memory issues in BIO_*printf functions The internal |fmtstr| function used in processing a "%s" format string in the BIO_*printf functions could overflow while calculating the length of a string and cause an OOB read when printing very long strings. Additionally the internal |doapr_outch| function can attempt to write to an OOB memory location (at an offset from the NULL pointer) in the event of a memory allocation failure. In 1.0.2 and below this could be caused where the size of a buffer to be allocated is greater than INT_MAX. E.g. this could be in processing a very long "%s" format string. Memory leaks can also occur. These issues will only occur on certain platforms where sizeof(size_t) > sizeof(int). E.g. many 64 bit systems. The first issue may mask the second issue dependent on compiler behaviour. These problems could enable attacks where large amounts of untrusted data is passed to the BIO_*printf functions. If applications use these functions in this way then they could be vulnerable. OpenSSL itself uses these functions when printing out human-readable dumps of ASN.1 data. Therefore applications that print this data could be vulnerable if the data is from untrusted sources. OpenSSL command line applications could also be vulnerable where they print out ASN.1 data, or if untrusted data is passed as command line arguments. Libssl is not considered directly vulnerable. Additionally certificates etc received via remote connections via libssl are also unlikely to be able to trigger these issues because of message size limits enforced within libssl. CVE-2016-0799 Issue reported by Guido Vranken. Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-02-25 13:09:46 +00:00
if (*maxlen > INT_MAX - BUFFER_INC)
return 0;
*maxlen += BUFFER_INC;
Clarify logic in BIO_*printf functions The static function dynamically allocates an output buffer if the output grows larger than the static buffer that is normally used. The original logic implied that |currlen| could be greater than |maxlen| which is incorrect (and if so would cause a buffer overrun). Also the original logic would call OPENSSL_malloc to create a dynamic buffer equal to the size of the static buffer, and then immediately call OPENSSL_realloc to make it bigger, rather than just creating a buffer than was big enough in the first place. Thanks to Kevin Wojtysiak (Int3 Solutions) and Paramjot Oberoi (Int3 Solutions) for reporting this issue. Reviewed-by: Andy Polyakov <appro@openssl.org>
2015-04-27 14:41:03 +00:00
if (*buffer == NULL) {
Set error code on alloc failures Almost all *alloc failures now set an error code. Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/5842)
2018-04-03 15:31:16 +00:00
if ((*buffer = OPENSSL_malloc(*maxlen)) == NULL) {
BIOerr(BIO_F_DOAPR_OUTCH, ERR_R_MALLOC_FAILURE);
Fix memory issues in BIO_*printf functions The internal |fmtstr| function used in processing a "%s" format string in the BIO_*printf functions could overflow while calculating the length of a string and cause an OOB read when printing very long strings. Additionally the internal |doapr_outch| function can attempt to write to an OOB memory location (at an offset from the NULL pointer) in the event of a memory allocation failure. In 1.0.2 and below this could be caused where the size of a buffer to be allocated is greater than INT_MAX. E.g. this could be in processing a very long "%s" format string. Memory leaks can also occur. These issues will only occur on certain platforms where sizeof(size_t) > sizeof(int). E.g. many 64 bit systems. The first issue may mask the second issue dependent on compiler behaviour. These problems could enable attacks where large amounts of untrusted data is passed to the BIO_*printf functions. If applications use these functions in this way then they could be vulnerable. OpenSSL itself uses these functions when printing out human-readable dumps of ASN.1 data. Therefore applications that print this data could be vulnerable if the data is from untrusted sources. OpenSSL command line applications could also be vulnerable where they print out ASN.1 data, or if untrusted data is passed as command line arguments. Libssl is not considered directly vulnerable. Additionally certificates etc received via remote connections via libssl are also unlikely to be able to trigger these issues because of message size limits enforced within libssl. CVE-2016-0799 Issue reported by Guido Vranken. Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-02-25 13:09:46 +00:00
return 0;
Set error code on alloc failures Almost all *alloc failures now set an error code. Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/5842)
2018-04-03 15:31:16 +00:00
}
Clarify logic in BIO_*printf functions The static function dynamically allocates an output buffer if the output grows larger than the static buffer that is normally used. The original logic implied that |currlen| could be greater than |maxlen| which is incorrect (and if so would cause a buffer overrun). Also the original logic would call OPENSSL_malloc to create a dynamic buffer equal to the size of the static buffer, and then immediately call OPENSSL_realloc to make it bigger, rather than just creating a buffer than was big enough in the first place. Thanks to Kevin Wojtysiak (Int3 Solutions) and Paramjot Oberoi (Int3 Solutions) for reporting this issue. Reviewed-by: Andy Polyakov <appro@openssl.org>
2015-04-27 14:41:03 +00:00
if (*currlen > 0) {
Remove OPENSSL_assert() from various crypto/bio files bss_dgram.c is deferred until later due to ongoing discussions. Reviewed-by: Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3740)
2017-06-21 14:52:11 +00:00
if (!ossl_assert(*sbuffer != NULL))
return 0;
Clarify logic in BIO_*printf functions The static function dynamically allocates an output buffer if the output grows larger than the static buffer that is normally used. The original logic implied that |currlen| could be greater than |maxlen| which is incorrect (and if so would cause a buffer overrun). Also the original logic would call OPENSSL_malloc to create a dynamic buffer equal to the size of the static buffer, and then immediately call OPENSSL_realloc to make it bigger, rather than just creating a buffer than was big enough in the first place. Thanks to Kevin Wojtysiak (Int3 Solutions) and Paramjot Oberoi (Int3 Solutions) for reporting this issue. Reviewed-by: Andy Polyakov <appro@openssl.org>
2015-04-27 14:41:03 +00:00
memcpy(*buffer, *sbuffer, *currlen);
}
*sbuffer = NULL;
} else {
Fix memory issues in BIO_*printf functions The internal |fmtstr| function used in processing a "%s" format string in the BIO_*printf functions could overflow while calculating the length of a string and cause an OOB read when printing very long strings. Additionally the internal |doapr_outch| function can attempt to write to an OOB memory location (at an offset from the NULL pointer) in the event of a memory allocation failure. In 1.0.2 and below this could be caused where the size of a buffer to be allocated is greater than INT_MAX. E.g. this could be in processing a very long "%s" format string. Memory leaks can also occur. These issues will only occur on certain platforms where sizeof(size_t) > sizeof(int). E.g. many 64 bit systems. The first issue may mask the second issue dependent on compiler behaviour. These problems could enable attacks where large amounts of untrusted data is passed to the BIO_*printf functions. If applications use these functions in this way then they could be vulnerable. OpenSSL itself uses these functions when printing out human-readable dumps of ASN.1 data. Therefore applications that print this data could be vulnerable if the data is from untrusted sources. OpenSSL command line applications could also be vulnerable where they print out ASN.1 data, or if untrusted data is passed as command line arguments. Libssl is not considered directly vulnerable. Additionally certificates etc received via remote connections via libssl are also unlikely to be able to trigger these issues because of message size limits enforced within libssl. CVE-2016-0799 Issue reported by Guido Vranken. Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-02-25 13:09:46 +00:00
char *tmpbuf;
tmpbuf = OPENSSL_realloc(*buffer, *maxlen);
if (tmpbuf == NULL)
return 0;
*buffer = tmpbuf;
Run util/openssl-format-source -v -c . Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 03:40:55 +00:00
}
Hack b_print.c to implement asprintf() functionality. Not enabled by default yet, I wanna play with it a bit more. For those who don't know: asprintf() is an allocating sprintf. The first argument to it is a double indirection to char instead of a single.
2000-03-02 07:50:02 +00:00
}
Change the printing mahine used by BIO_printf() and friends so it can handle an externally provided "static" buffer as well a a dynamic buffer. The "static" buffer is filled first, but if overflowed, the dynamic buffer is used instead, being allocated somewhere i the heap. This combines the benefits of putting the output in a preallocated buffer (on the stack, for example) and in a buffer that grows somewhere in the heap.
2000-09-07 05:50:14 +00:00
if (*currlen < *maxlen) {
Run util/openssl-format-source -v -c . Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 03:40:55 +00:00
if (*sbuffer)
(*sbuffer)[(*currlen)++] = (char)c;
else
(*buffer)[(*currlen)++] = (char)c;
Hack b_print.c to implement asprintf() functionality. Not enabled by default yet, I wanna play with it a bit more. For those who don't know: asprintf() is an allocating sprintf. The first argument to it is a double indirection to char instead of a single.
2000-03-02 07:50:02 +00:00
}
Fix memory issues in BIO_*printf functions The internal |fmtstr| function used in processing a "%s" format string in the BIO_*printf functions could overflow while calculating the length of a string and cause an OOB read when printing very long strings. Additionally the internal |doapr_outch| function can attempt to write to an OOB memory location (at an offset from the NULL pointer) in the event of a memory allocation failure. In 1.0.2 and below this could be caused where the size of a buffer to be allocated is greater than INT_MAX. E.g. this could be in processing a very long "%s" format string. Memory leaks can also occur. These issues will only occur on certain platforms where sizeof(size_t) > sizeof(int). E.g. many 64 bit systems. The first issue may mask the second issue dependent on compiler behaviour. These problems could enable attacks where large amounts of untrusted data is passed to the BIO_*printf functions. If applications use these functions in this way then they could be vulnerable. OpenSSL itself uses these functions when printing out human-readable dumps of ASN.1 data. Therefore applications that print this data could be vulnerable if the data is from untrusted sources. OpenSSL command line applications could also be vulnerable where they print out ASN.1 data, or if untrusted data is passed as command line arguments. Libssl is not considered directly vulnerable. Additionally certificates etc received via remote connections via libssl are also unlikely to be able to trigger these issues because of message size limits enforced within libssl. CVE-2016-0799 Issue reported by Guido Vranken. Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-02-25 13:09:46 +00:00
return 1;
Use public domain snprintf() implementation by Patrick Powell to avoid potential buffer overrun in BIO_printf(). ---------------------------------------------------------------------- crypto/bio/b_print.c CVS: ----------------------------------------------------------------------
2000-02-24 22:23:45 +00:00
}
New function ERR_error_string_n.
2000-04-14 23:36:15 +00:00
/***************************************************************************/
Run util/openssl-format-source -v -c . Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 03:40:55 +00:00
int BIO_printf(BIO *bio, const char *format, ...)
{
va_list args;
int ret;
va_start(args, format);
ret = BIO_vprintf(bio, format, args);
va_end(args);
Remove parentheses of return. Since return is inconsistent, I removed unnecessary parentheses and unified them. Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4541)
2017-10-17 14:04:09 +00:00
return ret;
Run util/openssl-format-source -v -c . Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 03:40:55 +00:00
}
int BIO_vprintf(BIO *bio, const char *format, va_list args)
{
int ret;
size_t retlen;
char hugebuf[1024 * 2]; /* Was previously 10k, which is unreasonable
* in small-stack environments, like threads
* or DOS programs. */
char *hugebufp = hugebuf;
size_t hugebufsize = sizeof(hugebuf);
char *dynbuf = NULL;
int ignored;
dynbuf = NULL;
Fix memory issues in BIO_*printf functions The internal |fmtstr| function used in processing a "%s" format string in the BIO_*printf functions could overflow while calculating the length of a string and cause an OOB read when printing very long strings. Additionally the internal |doapr_outch| function can attempt to write to an OOB memory location (at an offset from the NULL pointer) in the event of a memory allocation failure. In 1.0.2 and below this could be caused where the size of a buffer to be allocated is greater than INT_MAX. E.g. this could be in processing a very long "%s" format string. Memory leaks can also occur. These issues will only occur on certain platforms where sizeof(size_t) > sizeof(int). E.g. many 64 bit systems. The first issue may mask the second issue dependent on compiler behaviour. These problems could enable attacks where large amounts of untrusted data is passed to the BIO_*printf functions. If applications use these functions in this way then they could be vulnerable. OpenSSL itself uses these functions when printing out human-readable dumps of ASN.1 data. Therefore applications that print this data could be vulnerable if the data is from untrusted sources. OpenSSL command line applications could also be vulnerable where they print out ASN.1 data, or if untrusted data is passed as command line arguments. Libssl is not considered directly vulnerable. Additionally certificates etc received via remote connections via libssl are also unlikely to be able to trigger these issues because of message size limits enforced within libssl. CVE-2016-0799 Issue reported by Guido Vranken. Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-02-25 13:09:46 +00:00
if (!_dopr(&hugebufp, &dynbuf, &hugebufsize, &retlen, &ignored, format,
args)) {
OPENSSL_free(dynbuf);
return -1;
}
Run util/openssl-format-source -v -c . Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 03:40:55 +00:00
if (dynbuf) {
ret = BIO_write(bio, dynbuf, (int)retlen);
OPENSSL_free(dynbuf);
} else {
ret = BIO_write(bio, hugebuf, (int)retlen);
}
Remove parentheses of return. Since return is inconsistent, I removed unnecessary parentheses and unified them. Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4541)
2017-10-17 14:04:09 +00:00
return ret;
Run util/openssl-format-source -v -c . Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 03:40:55 +00:00
}
/*
* As snprintf is not available everywhere, we provide our own
* implementation. This function has nothing to do with BIOs, but it's
* closely related to BIO_printf, and we need *some* name prefix ... (XXX the
* function should be renamed, but to what?)
*/
New function ERR_error_string_n.
2000-04-14 23:36:15 +00:00
int BIO_snprintf(char *buf, size_t n, const char *format, ...)
Run util/openssl-format-source -v -c . Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 03:40:55 +00:00
{
va_list args;
int ret;
Added BIO_vprintf() and BIO_vsnprintf(). The former because I've found myself needing it a number of times, the latter for completeness.
2000-08-18 09:36:59 +00:00
Run util/openssl-format-source -v -c . Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 03:40:55 +00:00
va_start(args, format);
Added BIO_vprintf() and BIO_vsnprintf(). The former because I've found myself needing it a number of times, the latter for completeness.
2000-08-18 09:36:59 +00:00
Run util/openssl-format-source -v -c . Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 03:40:55 +00:00
ret = BIO_vsnprintf(buf, n, format, args);
Added BIO_vprintf() and BIO_vsnprintf(). The former because I've found myself needing it a number of times, the latter for completeness.
2000-08-18 09:36:59 +00:00
Run util/openssl-format-source -v -c . Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 03:40:55 +00:00
va_end(args);
Remove parentheses of return. Since return is inconsistent, I removed unnecessary parentheses and unified them. Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4541)
2017-10-17 14:04:09 +00:00
return ret;
Run util/openssl-format-source -v -c . Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 03:40:55 +00:00
}
Added BIO_vprintf() and BIO_vsnprintf(). The former because I've found myself needing it a number of times, the latter for completeness.
2000-08-18 09:36:59 +00:00
int BIO_vsnprintf(char *buf, size_t n, const char *format, va_list args)
Run util/openssl-format-source -v -c . Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 03:40:55 +00:00
{
size_t retlen;
int truncated;
style : fix some if(... Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/4457)
2017-08-26 15:56:44 +00:00
if (!_dopr(&buf, NULL, &n, &retlen, &truncated, format, args))
Fix memory issues in BIO_*printf functions The internal |fmtstr| function used in processing a "%s" format string in the BIO_*printf functions could overflow while calculating the length of a string and cause an OOB read when printing very long strings. Additionally the internal |doapr_outch| function can attempt to write to an OOB memory location (at an offset from the NULL pointer) in the event of a memory allocation failure. In 1.0.2 and below this could be caused where the size of a buffer to be allocated is greater than INT_MAX. E.g. this could be in processing a very long "%s" format string. Memory leaks can also occur. These issues will only occur on certain platforms where sizeof(size_t) > sizeof(int). E.g. many 64 bit systems. The first issue may mask the second issue dependent on compiler behaviour. These problems could enable attacks where large amounts of untrusted data is passed to the BIO_*printf functions. If applications use these functions in this way then they could be vulnerable. OpenSSL itself uses these functions when printing out human-readable dumps of ASN.1 data. Therefore applications that print this data could be vulnerable if the data is from untrusted sources. OpenSSL command line applications could also be vulnerable where they print out ASN.1 data, or if untrusted data is passed as command line arguments. Libssl is not considered directly vulnerable. Additionally certificates etc received via remote connections via libssl are also unlikely to be able to trigger these issues because of message size limits enforced within libssl. CVE-2016-0799 Issue reported by Guido Vranken. Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-02-25 13:09:46 +00:00
return -1;
Run util/openssl-format-source -v -c . Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 03:40:55 +00:00
if (truncated)
/*
* In case of truncation, return -1 like traditional snprintf.
* (Current drafts for ISO/IEC 9899 say snprintf should return the
* number of characters that would have been written, had the buffer
* been large enough.)
*/
return -1;
else
return (retlen <= INT_MAX) ? (int)retlen : -1;
}
Reference in a new issue Copy permalink