From: Eric Biggers <ebiggers@xxxxxxxxxx>
Callers of sprint_oid() do not check its return value before printing
the result. In the case where the OID is zero-length, -EBADMSG was
being returned without anything being written to the buffer, resulting
in uninitialized stack memory being printed. Fix this by writing
"(empty)" to the buffer in that case.
Fixes: 4f73175d0375 ("X.509: Add utility functions to render OIDs as strings")
Cc: Takashi Iwai <tiwai@xxxxxxx>
Signed-off-by: Eric Biggers <ebiggers@xxxxxxxxxx>
---
lib/oid_registry.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/lib/oid_registry.c b/lib/oid_registry.c
index 5a75d127995d..3640170f0d65 100644
--- a/lib/oid_registry.c
+++ b/lib/oid_registry.c
@@ -115,8 +115,10 @@ int sprint_oid(const void *data, size_t datasize, char *buffer, size_t bufsize)
size_t ret;
int count;
- if (v >= end)
+ if (v >= end) {
+ snprintf(buffer, bufsize, "(empty)");
return -EBADMSG;
+ }
n = *v++;
ret = count = snprintf(buffer, bufsize, "%u.%u", n / 40, n % 40);
--
2.15.0
