From 07a5adb87880f3fce80aa12121409bbf652f1b6d Mon Sep 17 00:00:00 2001 From: Nikos Mavrogiannopoulos Date: Sat, 17 May 2014 08:08:15 +0200 Subject: [PATCH] made _asn1_ltostr() safer. --- lib/coding.c | 6 +++--- lib/decoding.c | 10 +++++----- lib/element.c | 2 +- lib/parser_aux.h | 6 ++---- 4 files changed, 11 insertions(+), 13 deletions(-) diff --git a/lib/coding.c b/lib/coding.c index e4eb060..c560ebf 100644 --- a/lib/coding.c +++ b/lib/coding.c @@ -631,7 +631,7 @@ _asn1_insert_tag_der (asn1_node node, unsigned char *der, int *counter, memcpy (der + *counter, tag_der, tag_len); *counter += tag_len; - _asn1_ltostr (*counter, (char *) temp); + _asn1_ltostr (*counter, (char *) temp, sizeof(temp)); _asn1_set_name (p, (const char *) temp); is_tag_implicit = 0; @@ -1187,7 +1187,7 @@ asn1_der_coding (asn1_node element, const char *name, void *ider, int *len, case ASN1_ETYPE_SET: if (move != UP) { - _asn1_ltostr (counter, (char *) temp); + _asn1_ltostr (counter, (char *) temp, sizeof(temp)); tlen = _asn1_strlen (temp); if (tlen > 0) _asn1_set_value (p, temp, tlen + 1); @@ -1236,7 +1236,7 @@ asn1_der_coding (asn1_node element, const char *name, void *ider, int *len, case ASN1_ETYPE_SET_OF: if (move != UP) { - _asn1_ltostr (counter, (char *) temp); + _asn1_ltostr (counter, (char *) temp, sizeof(temp)); tlen = _asn1_strlen (temp); if (tlen > 0) diff --git a/lib/decoding.c b/lib/decoding.c index 7c6c9af..3f5e909 100644 --- a/lib/decoding.c +++ b/lib/decoding.c @@ -320,9 +320,9 @@ _asn1_get_objectid_der (const unsigned char *der, int der_len, int *ret_len, val1 = der[len_len] / 40; val = der[len_len] - val1 * 40; - _asn1_str_cpy (str, str_size, _asn1_ltostr (val1, temp)); + _asn1_str_cpy (str, str_size, _asn1_ltostr (val1, temp, sizeof(temp))); _asn1_str_cat (str, str_size, "."); - _asn1_str_cat (str, str_size, _asn1_ltostr (val, temp)); + _asn1_str_cat (str, str_size, _asn1_ltostr (val, temp, sizeof(temp))); val = 0; leading = 1; @@ -344,7 +344,7 @@ _asn1_get_objectid_der (const unsigned char *der, int der_len, int *ret_len, if (!(der[len_len + k] & 0x80)) { _asn1_str_cat (str, str_size, "."); - _asn1_str_cat (str, str_size, _asn1_ltostr (val, temp)); + _asn1_str_cat (str, str_size, _asn1_ltostr (val, temp, sizeof(temp))); val = 0; leading = 1; } @@ -1251,7 +1251,7 @@ asn1_der_decoding (asn1_node * element, const void *ider, int ider_len, if (len3 > 0) { - _asn1_ltostr (counter + len3, temp); + _asn1_ltostr (counter + len3, temp, sizeof(temp)); tlen = strlen (temp); if (tlen > 0) _asn1_set_value (p, temp, tlen + 1); @@ -1339,7 +1339,7 @@ asn1_der_decoding (asn1_node * element, const void *ider, int ider_len, { if (len3 > 0) { /* definite length method */ - _asn1_ltostr (counter + len3, temp); + _asn1_ltostr (counter + len3, temp, sizeof(temp)); tlen = strlen (temp); if (tlen > 0) diff --git a/lib/element.c b/lib/element.c index 3f31aa2..d748f46 100644 --- a/lib/element.c +++ b/lib/element.c @@ -152,7 +152,7 @@ _asn1_append_sequence_set (asn1_node node) n = strtol (p->name + 1, NULL, 0); n++; temp[0] = '?'; - _asn1_ltostr (n, temp + 1); + _asn1_ltostr (n, temp + 1, sizeof(temp)-1); } _asn1_set_name (p2, temp); /* p2->type |= CONST_OPTION; */ diff --git a/lib/parser_aux.h b/lib/parser_aux.h index ee01725..8ef105b 100644 --- a/lib/parser_aux.h +++ b/lib/parser_aux.h @@ -27,9 +27,9 @@ /***************************************/ inline static char * -_asn1_ltostr (long v, char *str) +_asn1_ltostr (long v, char *str, size_t str_size) { - sprintf(str, "%ld", v); + snprintf(str, str_size, "%ld", v); return str; } @@ -60,8 +60,6 @@ void _asn1_delete_list (void); void _asn1_delete_list_and_nodes (void); -char *_asn1_ltostr (long v, char *str); - asn1_node _asn1_find_up (asn1_node node); int _asn1_change_integer_value (asn1_node node); -- 2.7.4