Another problem with my code: the buffer I allocated wasn't freed...
Thanks to Peter Sylvester for pointing this out. I also moved the
allocation of the buffer to where it's actually used.
Yuval
diff -ur openssl-engine-0.9.6d/apps/apps.c
openssl-engine-0.9.6d-patch/apps/apps.c
--- openssl-engine-0.9.6d/apps/apps.c Sun Sep 17 23:37:16 2000
+++ openssl-engine-0.9.6d-patch/apps/apps.c Mon Jul 15 14:40:57 2002
@@ -757,22 +757,36 @@
void print_name(BIO *out, char *title, X509_NAME *nm, unsigned long lflags)
{
- char buf[256];
- char mline = 0;
- int indent = 0;
- if(title) BIO_puts(out, title);
- if((lflags & XN_FLAG_SEP_MASK) == XN_FLAG_SEP_MULTILINE) {
- mline = 1;
- indent = 4;
- }
- if(lflags == XN_FLAG_COMPAT) {
- X509_NAME_oneline(nm,buf,256);
- BIO_puts(out,buf);
- BIO_puts(out, "\n");
- } else {
- if(mline) BIO_puts(out, "\n");
- X509_NAME_print_ex(out, nm, indent, lflags);
- BIO_puts(out, "\n");
- }
+ int half_buf_size = 256;
+ char* buf;
+ int len1, len2;
+ char mline = 0;
+ int indent = 0;
+
+ if(title) BIO_puts(out, title);
+ if((lflags & XN_FLAG_SEP_MASK) == XN_FLAG_SEP_MULTILINE) {
+ mline = 1;
+ indent = 4;
+ }
+ if(lflags == XN_FLAG_COMPAT) {
+ buf = (char*) OPENSSL_malloc(half_buf_size * 2);
+ while(1) {
+ X509_NAME_oneline(nm, buf, half_buf_size);
+ len1 = strlen(buf);
+ X509_NAME_oneline(nm, buf, half_buf_size*2);
+ len2 = strlen(buf);
+ if(len1 == len2)
+ break;
+ half_buf_size *= 2;
+ buf = OPENSSL_realloc(buf, half_buf_size * 2);
+ }
+ BIO_puts(out,buf);
+ OPENSSL_free(buf);
+ BIO_puts(out, "\n");
+ } else {
+ if(mline) BIO_puts(out, "\n");
+ X509_NAME_print_ex(out, nm, indent, lflags);
+ BIO_puts(out, "\n");
+ }
}
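Review bot: Neither `buf = (char*) OPENSSL_malloc(half_buf_size * 2);` nor `buf = OPENSSL_realloc(buf, half_buf_size * 2);` in the XN_FLAG_COMPAT branch is checked, so after a failed allocation `strlen(buf)` is called on NULL, and the realloc form overwrites the only pointer to the old block. The name being printed comes from a certificate, and nothing visible caps the doubling of `half_buf_size` (an `int`) other than the name length itself. The two earlier revisions quoted below in this thread carry the same unchecked allocations. If X509_NAME_oneline in this tree allocates the result itself when passed a NULL buffer, as its documentation describes (worth confirming for 0.9.6d), the probing loop and both allocations can be dropped, as sketched here.

```c
	if(lflags == XN_FLAG_COMPAT) {
		/* NULL buffer: let X509_NAME_oneline size and allocate the string */
		char *line = X509_NAME_oneline(nm, NULL, 0);
		if(line != NULL) {
			BIO_puts(out, line);
			OPENSSL_free(line);
		}
		BIO_puts(out, "\n");
	} else {
	/* ... unchanged: X509_NAME_print_ex branch ... */
```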
Yuval Pemper wrote:
> After further thought, this is a simpler solution:
>
> diff -ur openssl-engine-0.9.6d/apps/apps.c
> openssl-engine-0.9.6d-patch/apps/apps.c
> --- openssl-engine-0.9.6d/apps/apps.c Sun Sep 17 23:37:16 2000
> +++ openssl-engine-0.9.6d-patch/apps/apps.c Mon Jul 15 12:18:48 2002
> @@ -757,22 +757,34 @@
>
> void print_name(BIO *out, char *title, X509_NAME *nm, unsigned long
> lflags)
> {
> - char buf[256];
> - char mline = 0;
> - int indent = 0;
> - if(title) BIO_puts(out, title);
> - if((lflags & XN_FLAG_SEP_MASK) == XN_FLAG_SEP_MULTILINE) {
> - mline = 1;
> - indent = 4;
> - }
> - if(lflags == XN_FLAG_COMPAT) {
> - X509_NAME_oneline(nm,buf,256);
> - BIO_puts(out,buf);
> - BIO_puts(out, "\n");
> - } else {
> - if(mline) BIO_puts(out, "\n");
> - X509_NAME_print_ex(out, nm, indent, lflags);
> - BIO_puts(out, "\n");
> - }
> + int half_buf_size = 256;
> + char* buf = (char*) OPENSSL_malloc(half_buf_size * 2);
> + int len1, len2;
> + char mline = 0;
> + int indent = 0;
> +
> + if(title) BIO_puts(out, title);
> + if((lflags & XN_FLAG_SEP_MASK) == XN_FLAG_SEP_MULTILINE) {
> + mline = 1;
> + indent = 4;
> + }
> + if(lflags == XN_FLAG_COMPAT) {
> + while(1) {
> + X509_NAME_oneline(nm, buf, half_buf_size);
> + len1 = strlen(buf);
> + X509_NAME_oneline(nm, buf, half_buf_size*2);
> + len2 = strlen(buf);
> + if(len1 == len2)
> + break;
> + half_buf_size *= 2;
> + buf = OPENSSL_realloc(buf, half_buf_size * 2);
> + }
> + BIO_puts(out,buf);
> + BIO_puts(out, "\n");
> + } else {
> + if(mline) BIO_puts(out, "\n");
> + X509_NAME_print_ex(out, nm, indent, lflags);
> + BIO_puts(out, "\n");
> + }
> }
>
>
> The fix isn't foolproof, though. I noticed that X509_NAME_oneline
> never returns truncated attribute values. So, if the X509_NAME
> contains an attribute value longer than 256 characters, the wrong name
> may be printed out. There may be a completely different solution to
> this issue, but since I'm not that familiar with the OpenSSL code, I'm
> unaware of it.
>
> Yuval Pemper
> Development Team Leader
> Application Servers Group
> Radware Ltd.
>
> http://www.radware.com
>
>
>
> Yuval Pemper via RT wrote:
>
>> Hi,
>>
>> I tried posting this message before, but it seems to not have gotten
>> through. If it already has, my apologies.
>>
>> I came across a shortcoming in the "openssl x509" command, which caused
>> the subjects of certificates with subjects longer than 255 characters to
>> be truncated when printed out. The reason is that the print_name
>> function in apps/apps.c uses a buffer of size 256, instead of allocating
>> a dynamic buffer.
>>
>> The patch to this problem is given below. Please note that because I
>> didn't want to change the interface to the X509_NAME_oneline
>> function, I had to resort to a non optimal method of determining the
>> appropriate buffer size.
>>
>> Yuval Pemper
>> Development Team Leader
>> Application Servers Group
>> Radware Ltd.
>>
>> http://www.radware.com
>>
>>
>>
>> diff -ur openssl-engine-0.9.6d/apps/apps.c
>> openssl-engine-0.9.6d-patch/apps/apps.c
>> --- openssl-engine-0.9.6d/apps/apps.c Sun Sep 17 23:37:16 2000
>> +++ openssl-engine-0.9.6d-patch/apps/apps.c Thu Jul 11 19:58:09 2002
>> @@ -757,22 +757,37 @@
>>
>> void print_name(BIO *out, char *title, X509_NAME *nm, unsigned long
>> lflags)
>> {
>> - char buf[256];
>> - char mline = 0;
>> - int indent = 0;
>> - if(title) BIO_puts(out, title);
>> - if((lflags & XN_FLAG_SEP_MASK) == XN_FLAG_SEP_MULTILINE) {
>> - mline = 1;
>> - indent = 4;
>> - }
>> - if(lflags == XN_FLAG_COMPAT) {
>> - X509_NAME_oneline(nm,buf,256);
>> - BIO_puts(out,buf);
>> - BIO_puts(out, "\n");
>> - } else {
>> - if(mline) BIO_puts(out, "\n");
>> - X509_NAME_print_ex(out, nm, indent, lflags);
>> - BIO_puts(out, "\n");
>> - }
>> + int buf_size = 256;
>> + char* buf = (char*) OPENSSL_malloc(buf_size);
>> + char* buf2 = (char*) OPENSSL_malloc(buf_size*2);
>> + char mline = 0;
>> + int indent = 0;
>> +
>> + *buf = '\0';
>> + *buf2 = '\0';
>> + if(title) BIO_puts(out, title);
>> + if((lflags & XN_FLAG_SEP_MASK) == XN_FLAG_SEP_MULTILINE) {
>> + mline = 1;
>> + indent = 4;
>> + }
>> + if(lflags == XN_FLAG_COMPAT) {
>> + while(1) {
>> + X509_NAME_oneline(nm,buf,buf_size);
>> + X509_NAME_oneline(nm,buf2,buf_size*2);
>> + if(strlen(buf) == strlen(buf2))
>> + break;
>> + buf_size *= 2;
>> + buf = OPENSSL_realloc(buf, buf_size);
>> + buf2 = OPENSSL_realloc(buf2, buf_size*2);
>> + *buf = '\0';
>> + *buf2 = '\0';
>> + }
>> + BIO_puts(out,buf);
>> + BIO_puts(out, "\n");
>> + } else {
>> + if(mline) BIO_puts(out, "\n");
>> + X509_NAME_print_ex(out, nm, indent, lflags);
>> + BIO_puts(out, "\n");
>> + }
>> }
>>
>