diff options
author | Daniel Stenberg <daniel@haxx.se> | 2011-01-01 15:33:57 +0100 |
---|---|---|
committer | Daniel Stenberg <daniel@haxx.se> | 2011-01-01 15:33:57 +0100 |
commit | ae291421984a266176df34f24d3a5e76d76ec7c8 (patch) | |
tree | 421e1e19c457408facf11a16b4d38e1c50c48f4e | |
parent | cd045e24a08a5d5a0c936d4d9e27506b0f390da7 (diff) |
pubkey_show: allocate buffer to fit any-size result
The loop condition was wrong so keys larger than 340 bits would overflow
the local stack-based buffer.
-rw-r--r-- | lib/ssluse.c | 30 |
1 files changed, 17 insertions, 13 deletions
diff --git a/lib/ssluse.c b/lib/ssluse.c index 9e3fca392..0b67f2186 100644 --- a/lib/ssluse.c +++ b/lib/ssluse.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2010, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -1840,21 +1840,25 @@ static void pubkey_show(struct SessionHandle *data, unsigned char *raw, int len) { - char buffer[1024]; - size_t left = sizeof(buffer); + size_t left; int i; - char *ptr=buffer; char namebuf[32]; - - snprintf(namebuf, sizeof(namebuf), "%s(%s)", type, name); - - for(i=0; i< len; i++) { - snprintf(ptr, left, "%02x:", raw[i]); - ptr += 3; - left -= 3; + char *buffer; + + left = sizeof(len*3 + 1); + buffer = malloc(left); + if(buffer) { + char *ptr=buffer; + snprintf(namebuf, sizeof(namebuf), "%s(%s)", type, name); + for(i=0; i< len; i++) { + snprintf(ptr, left, "%02x:", raw[i]); + ptr += 3; + left -= 3; + } + infof(data, " %s: %s\n", namebuf, buffer); + push_certinfo(data, num, namebuf, buffer); + free(buffer); } - infof(data, " %s: %s\n", namebuf, buffer); - push_certinfo(data, num, namebuf, buffer); } #define print_pubkey_BN(_type, _name, _num) \ |