Fix potential buffer overrun for EBCDIC.
diff --git a/CHANGES b/CHANGES
index f817e93..e3f2653 100644
--- a/CHANGES
+++ b/CHANGES
@@ -3,6 +3,9 @@
 
  Changes between 0.9.6 and 0.9.7  [xx XXX 2000]
 
+  *) Fix potential buffer overrun for EBCDIC.
+     [Ulf Moeller]
+
   *) New function OCSP_copy_nonce() to copy nonce value (if present) from
      request to response.
      [Steve Henson]
diff --git a/crypto/x509v3/v3_prn.c b/crypto/x509v3/v3_prn.c
index 62ec1f1..8a7659e 100644
--- a/crypto/x509v3/v3_prn.c
+++ b/crypto/x509v3/v3_prn.c
@@ -87,9 +87,16 @@
 		else BIO_printf(out, "%s:%s", nval->name, nval->value);
 #else
 		else {
-			char tmp[10240]; /* 10k is BIO_printf's limit anyway */
-			ascii2ebcdic(tmp, nval->value, strlen(nval->value)+1);
-			BIO_printf(out, "%s:%s", nval->name, tmp);
+			int len;
+			char *tmp;
+			len = strlen(nval->value)+1;
+			tmp = OPENSSL_malloc(len);
+			if (tmp)
+			{
+				ascii2ebcdic(tmp, nval->value, len);
+				BIO_printf(out, "%s:%s", nval->name, tmp);
+				OPENSSL_free(tmp);
+			}
 		}
 #endif
 		if(ml) BIO_puts(out, "\n");
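Review bot: When OPENSSL_malloc() fails, the new `if (tmp)` block is skipped and the extension value is silently left out, while the `if(ml) BIO_puts(out, "\n");` after `#endif` still runs, so the printed certificate shows no sign that anything was dropped. The second hunk (the `value` path around `BIO_printf(out, "%*s%s", indent, "", tmp);`) has the same gap. An `else` branch that prints the name with a visible marker, or reports failure to the caller, would make incomplete output distinguishable from an empty value; the enclosing function starts outside the hunk, so whether it can return an error is not visible here. Separately, `len = strlen(nval->value)+1;` stores a size_t result in an `int`; declaring `size_t len;` would avoid the narrowing, provided OPENSSL_malloc() and ascii2ebcdic() in this tree accept that width. A comment above the allocation such as `/* size the buffer from the value: the old fixed 10k buffer could be overrun by longer input */` would record why the stack buffer was removed.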
@@ -123,9 +130,16 @@
 		BIO_printf(out, "%*s%s", indent, "", value);
 #else
 		{
-			char tmp[10240]; /* 10k is BIO_printf's limit anyway */
-			ascii2ebcdic(tmp, value, strlen(value)+1);
-			BIO_printf(out, "%*s%s", indent, "", tmp);
+			int len;
+			char *tmp;
+			len = strlen(value)+1;
+			tmp = OPENSSL_malloc(len);
+			if (tmp)
+			{
+				ascii2ebcdic(tmp, value, len);
+				BIO_printf(out, "%*s%s", indent, "", tmp);
+				OPENSSL_free(tmp);
+			}
 		}
 #endif
 	} else if(method->i2v) {