Hello,
I have a problem with BIO_printf:
It is possible to crash a program that uses BIO_printf by passing data
that results in a very long (> 1024*2 char) string.
We should fix this by using vsnprintf() instead of vsprintf().
(and snprintf instead of sprintf)
But on some systems there is no (v)snprintf.
There we must use (v)sprintf().
(And hope this will be fixed soon...)
Sorry, I didn't look in the configuration scripts to see how to set the macro...
Bye,
Goetz
#include <stdarg.h>
#include <stdio.h>
#include <string.h>
#include <openssl/bio.h>

#ifndef MS_STATIC
#define MS_STATIC   /* OpenSSL's e_os.h defines this; empty fallback */
#endif

int BIO_printf (BIO *bio, ...)
    {
    va_list args;
    char *format;
    int ret;
    MS_STATIC char hugebuf[1024*2]; /* 10k in one chunk is the limit */

    va_start(args, bio);
    format=va_arg(args, char *);
    hugebuf[0]='\0';
    /* keep the last byte as a terminator in case the output is truncated */
    hugebuf[sizeof(hugebuf)-1] = '\0';
#ifdef HAS_VSNPRINTF
    /* bounded: output longer than the buffer is cut off, not written past it */
    vsnprintf(hugebuf,sizeof(hugebuf)-1,format,args);
#else
    /* unbounded fallback for systems without (v)snprintf */
    vsprintf(hugebuf,format,args);
#endif
    ret=BIO_write(bio,hugebuf,strlen(hugebuf));
    va_end(args);
    return(ret);
    }
--
Goetz Babin-Ebell mailto:[EMAIL PROTECTED]
TC Trust Center GmbH http://www.trustcenter.de
Sonninstr. 24-28 / 20097 Hamburg / Germany Tel.:+49-(0)40 80 80 26 -0
Fax:-126
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
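The fix the post proposes, shown as an added stand-alone example that is not OpenSSL code and not the poster's patch: a BIO_printf-style wrapper whose fixed stack buffer is filled with vsnprintf(), so a formatted string longer than the buffer is truncated rather than written past its end. The `emit` callback, `safe_printf_to`, `FMT_BUF_SIZE` and the `counter` sink are assumed names standing in for BIO_write() and the BIO; the 5000-byte argument is constructed to exceed the 2 KB buffer the way the reported crash does. Unlike the posted code, it also reports whether truncation happened, using vsnprintf()'s return value (the length the full output would have had).

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Constructed example, not OpenSSL code: a BIO_printf-like wrapper whose
 * fixed stack buffer is filled with vsnprintf() so oversized output is
 * truncated instead of overflowing. `emit` stands in for BIO_write(). */

#define FMT_BUF_SIZE (1024*2)   /* same 2 KB scratch buffer as BIO_printf */

typedef int (*emit_fn)(void *sink, const char *buf, int len);

/* Formats into a bounded buffer and hands the result to emit().
 * Returns the number of bytes passed to emit(), or -1 on a formatting
 * error. *truncated is set to 1 when the full output did not fit. */
int safe_printf_to(emit_fn emit, void *sink, int *truncated,
                   const char *format, ...)
{
    char hugebuf[FMT_BUF_SIZE];
    va_list args;
    int needed;

    va_start(args, format);
    /* vsnprintf never writes more than sizeof(hugebuf) bytes, NUL included */
    needed = vsnprintf(hugebuf, sizeof(hugebuf), format, args);
    va_end(args);

    if (needed < 0)
        return -1;
    /* A return value >= the buffer size means the output was cut short */
    *truncated = ((size_t)needed >= sizeof(hugebuf));
    return emit(sink, hugebuf, (int)strlen(hugebuf));
}

/* A sink that only counts what it receives, standing in for the BIO */
struct counter { int bytes; int calls; };

static int count_emit(void *sink, const char *buf, int len)
{
    struct counter *c = (struct counter *)sink;
    (void)buf;
    c->bytes += len;
    c->calls++;
    return len;
}

/* Feeds a constructed 5000-byte argument, the kind of input that would
 * overflow the buffer in a vsprintf() build. Returns the emitted length
 * (positive when truncation was detected, negated when it was not). */
int demo_oversized(void)
{
    static char big[5001];
    struct counter c = {0, 0};
    int truncated = 0;
    int n;

    memset(big, 'A', 5000);
    big[5000] = '\0';
    n = safe_printf_to(count_emit, &c, &truncated, "data=%s", big);
    return truncated ? n : -n;
}

int main(void)
{
    int n = demo_oversized();
    printf("emitted %d bytes, truncated=%s\n",
           n < 0 ? -n : n, n > 0 ? "yes" : "no");
    return 0;
}
```

With the 2 KB buffer, the 5005-character output is cut to 2047 bytes plus the terminator, and the caller learns that it was cut; the posted BIO_printf silently drops the tail, and the vsprintf() fallback writes it over whatever follows the buffer.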