arduino/esp8266
1
0
Fork 0
mirror of https://github.com/esp8266/Arduino.git synced 2025-06-13 13:01:55 +03:00
Code Activity

Fix in asn1_get_printable string

Browse Source 
Buffer overflow vulnerability in proc.c
Possible double memory release on invalid certificates.


git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@221 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
This commit is contained in:
cameronrich
2012-02-10 10:31:02 +00:00
parent 1378f8a78f
commit ffa4da45ee
5 changed files with 29 additions and 17 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
ssl/loader.c
View File

@ -259,6 +259,7 @@ static int pem_decrypt(const char *where, const char *end,
/* turn base64 into binary */
pem_size = (int)(end-start);
ssl_obj->len = sizeof(ssl_obj->buf);
if (base64_decode(start, pem_size, ssl_obj->buf, &ssl_obj->len) != 0)
goto error;
@ -326,11 +327,15 @@ static int new_pem_obj(SSL_CTX *ssl_ctx, int is_cacert, char *where,
goto error;
}
}
else if (base64_decode(start, pem_size,
ssl_obj->buf, &ssl_obj->len) != 0)
else
{
ret = SSL_ERROR_BAD_CERTIFICATE;
goto error;
ssl_obj->len = pem_size;
if (base64_decode(start, pem_size,
ssl_obj->buf, &ssl_obj->len) != 0)
{
ret = SSL_ERROR_BAD_CERTIFICATE;
goto error;
}
}
switch (i)