From 4fd0b256a848f96cdadc83a940cb79d865fe0bf8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Fri, 26 Jun 2015 14:15:48 +0200 Subject: [PATCH] Fix dual use of buffer in test x509_get_name() does not make defensive copies of strings in its input (which is OK as usually the caller will have made a copy already), so we shouldn't reuse its input buffer as an output while "parsed" is still alive. --- tests/suites/test_suite_x509write.function | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/tests/suites/test_suite_x509write.function b/tests/suites/test_suite_x509write.function index 356af7524f..c3773ba549 100644 --- a/tests/suites/test_suite_x509write.function +++ b/tests/suites/test_suite_x509write.function @@ -140,9 +140,10 @@ void mbedtls_x509_string_to_names( char *name, char *parsed_name, int result ) size_t len = 0; mbedtls_asn1_named_data *names = NULL; mbedtls_x509_name parsed, *parsed_cur, *parsed_prv; - unsigned char buf[2048], *c; + unsigned char buf[1024], out[1024], *c; memset( &parsed, 0, sizeof( parsed ) ); + memset( out, 0, sizeof( out ) ); memset( buf, 0, sizeof( buf ) ); c = buf + sizeof( buf ); @@ -159,10 +160,10 @@ void mbedtls_x509_string_to_names( char *name, char *parsed_name, int result ) MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) == 0 ); TEST_ASSERT( mbedtls_x509_get_name( &c, buf + sizeof( buf ), &parsed ) == 0 ); - ret = mbedtls_x509_dn_gets( (char *) buf, sizeof( buf ), &parsed ); + ret = mbedtls_x509_dn_gets( (char *) out, sizeof( out ), &parsed ); TEST_ASSERT( ret > 0 ); - TEST_ASSERT( strcmp( (char *) buf, parsed_name ) == 0 ); + TEST_ASSERT( strcmp( (char *) out, parsed_name ) == 0 ); exit: mbedtls_asn1_free_named_data_list( &names );