From ae291421984a266176df34f24d3a5e76d76ec7c8 Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Sat, 1 Jan 2011 15:33:57 +0100 Subject: pubkey_show: allocate buffer to fit any-size result The loop condition was wrong so keys larger than 340 bits would overflow the local stack-based buffer. --- lib/ssluse.c | 30 +++++++++++++++++------------- 1 file changed, 17 insertions(+), 13 deletions(-) diff --git a/lib/ssluse.c b/lib/ssluse.c index 9e3fca392..0b67f2186 100644 --- a/lib/ssluse.c +++ b/lib/ssluse.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2010, Daniel Stenberg, , et al. + * Copyright (C) 1998 - 2011, Daniel Stenberg, , et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -1840,21 +1840,25 @@ static void pubkey_show(struct SessionHandle *data, unsigned char *raw, int len) { - char buffer[1024]; - size_t left = sizeof(buffer); + size_t left; int i; - char *ptr=buffer; char namebuf[32]; - - snprintf(namebuf, sizeof(namebuf), "%s(%s)", type, name); - - for(i=0; i< len; i++) { - snprintf(ptr, left, "%02x:", raw[i]); - ptr += 3; - left -= 3; + char *buffer; + + left = sizeof(len*3 + 1); + buffer = malloc(left); + if(buffer) { + char *ptr=buffer; + snprintf(namebuf, sizeof(namebuf), "%s(%s)", type, name); + for(i=0; i< len; i++) { + snprintf(ptr, left, "%02x:", raw[i]); + ptr += 3; + left -= 3; + } + infof(data, " %s: %s\n", namebuf, buffer); + push_certinfo(data, num, namebuf, buffer); + free(buffer); } - infof(data, " %s: %s\n", namebuf, buffer); - push_certinfo(data, num, namebuf, buffer); } #define print_pubkey_BN(_type, _name, _num) \ -- cgit v1.2.3