Allow fuzz builds to detect string overruns
If FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION is defined then we don't NUL
terminate ASN1_STRING datatypes. This shouldn't be necessary but we add it
any for safety in normal builds.
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Matt Caswell
2 years ago
| 291 | 291 | } |
| 292 | 292 | if ((size_t)str->length <= len || str->data == NULL) { |
| 293 | 293 | c = str->data; |
| 294 | #ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION | |
| 295 | /* No NUL terminator in fuzzing builds */ | |
| 296 | str->data = OPENSSL_realloc(c, len); | |
| 297 | #else | |
| 294 | 298 | str->data = OPENSSL_realloc(c, len + 1); |
| 299 | #endif | |
| 295 | 300 | if (str->data == NULL) { |
| 296 | 301 | ASN1err(ASN1_F_ASN1_STRING_SET, ERR_R_MALLOC_FAILURE); |
| 297 | 302 | str->data = c; |
| 301 | 306 | str->length = len; |
| 302 | 307 | if (data != NULL) { |
| 303 | 308 | memcpy(str->data, data, len); |
| 304 | /* an allowance for strings :-) */ | |
| 309 | #ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION | |
| 310 | /* | |
| 311 | * Add a NUL terminator. This should not be necessary - but we add it as | |
| 312 | * a safety precaution | |
| 313 | */ | |
| 305 | 314 | str->data[len] = '\0'; |
| 315 | #endif | |
| 306 | 316 | } |
| 307 | 317 | return 1; |
| 308 | 318 | } |