From 13bacff9aa9a457218ccdcf83224357c9464676e Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Fri, 5 Aug 2016 17:59:32 +0100 Subject: [PATCH] Sanity check input length in OPENSSL_uni2asc(). MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit Thanks to Hanno Böck for reporting this bug. Reviewed-by: Rich Salz (cherry picked from commit 39a43280316f1b9c45be5ac5b04f4f5c3f923686) Conflicts: crypto/pkcs12/p12_utl.c --- crypto/pkcs12/p12_utl.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/crypto/pkcs12/p12_utl.c b/crypto/pkcs12/p12_utl.c index a0b992eab6..e466f762ff 100644 --- a/crypto/pkcs12/p12_utl.c +++ b/crypto/pkcs12/p12_utl.c @@ -91,6 +91,10 @@ char *OPENSSL_uni2asc(unsigned char *uni, int unilen) { int asclen, i; char *asctmp; + + /* string must contain an even number of bytes */ + if (unilen & 1) + return NULL; asclen = unilen / 2; /* If no terminating zero allow for one */ if (!unilen || uni[unilen - 1]) -- 2.25.1