[openssl.org #3537] Bug in TS_check_status_info() and misleading comments

Fri, 19 Sep 2014 03:00:14 -0700 

In the TS_check_status_info() there is bug where instead of appending
the ',' character to the failure info texts this character overwrites
the previous failure info text with strcpy() call.

Also the TS_STATUS_BUF_SIZE is named incorrectly as it does not relate
to status text but to the failure info text.

The attached patch fixes these minor bugs.

-- 
Tomas Mraz
No matter how far down the wrong road you've gone, turn back.
                                              Turkish proverb
(You'll never know whether the road is wrong though.)



diff --git a/crypto/ts/ts_rsp_verify.c b/crypto/ts/ts_rsp_verify.c
index 3c7f816..ec0d37e 100644
--- a/crypto/ts/ts_rsp_verify.c
+++ b/crypto/ts/ts_rsp_verify.c
@@ -87,8 +87,6 @@ static int TS_find_name(STACK_OF(GENERAL_NAME) *gen_names, GENERAL_NAME *name);
 
 /*
  * Local mapping between response codes and descriptions.
- * Don't forget to change TS_STATUS_BUF_SIZE when modifying 
- * the elements of this array.
  */
 static const char *TS_status_text[] =
 	{ "granted",
@@ -101,11 +99,15 @@ static const char *TS_status_text[] =
 #define TS_STATUS_TEXT_SIZE	(sizeof(TS_status_text)/sizeof(*TS_status_text))
 
 /*
- * This must be greater or equal to the sum of the strings in TS_status_text
+ * This must be greater or equal to the sum of the strings in TS_failure_info
  * plus the number of its elements.
  */
-#define TS_STATUS_BUF_SIZE	256
+#define TS_FAILURE_INFO_BUF_SIZE	256
 
+/*
+ * Don't forget to change TS_FAILURE_INFO_BUF_SIZE when modifying 
+ * the elements of this array.
+ */
 static struct
 	{
 	int code;
@@ -482,7 +484,7 @@ static int TS_check_status_info(TS_RESP *response)
 	long status = ASN1_INTEGER_get(info->status);
 	const char *status_text = NULL;
 	char *embedded_status_text = NULL;
-	char failure_text[TS_STATUS_BUF_SIZE] = "";
+	char failure_text[TS_FAILURE_INFO_BUF_SIZE] = "";
 
 	/* Check if everything went fine. */
 	if (status == 0 || status == 1) return 1;
@@ -509,7 +511,7 @@ static int TS_check_status_info(TS_RESP *response)
 						    TS_failure_info[i].code))
 				{
 				if (!first)
-					strcpy(failure_text, ",");
+					strcat(failure_text, ",");
 				else
 					first = 0;
 				strcat(failure_text, TS_failure_info[i].text);

Reply via email to