Potential buffer overwrite in pem_write_buffer() fixed Length indication when given a too small buffer was off. Added regression test in test_suite_pem to detect this.

commit: 1630058dde922e0cfae7e0ab41c8409448c718a8 [log] [tgz]
author: Paul Bakker <p.j.bakker@polarssl.org> Fri Apr 11 13:28:43 2014 +0200
committer: Paul Bakker <p.j.bakker@polarssl.org> Fri Apr 11 13:58:05 2014 +0200
tree: 504504acbbacc30bac82d62c242b55b33b207ef3
parent: d6ad8e949b3dce716601ea269e095db1b617533a [diff] [blame]
diff --git a/library/pem.c b/library/pem.c
index 2c9d10d..1cc23ba 100644
--- a/library/pem.c
+++ b/library/pem.c

@@ -382,10 +382,11 @@
 {
     int ret;
     unsigned char *encode_buf, *c, *p = buf;
-    size_t len = 0, use_len = 0;
-    size_t add_len = strlen( header ) + strlen( footer ) + ( use_len / 64 ) + 1;
+    size_t len = 0, use_len = 0, add_len = 0;
 
     base64_encode( NULL, &use_len, der_data, der_len );
+    add_len = strlen( header ) + strlen( footer ) + ( use_len / 64 ) + 1;
+
     if( use_len + add_len > buf_len )
     {
         *olen = use_len + add_len;
commit	1630058dde922e0cfae7e0ab41c8409448c718a8	[log] [tgz]
author	Paul Bakker <p.j.bakker@polarssl.org>	Fri Apr 11 13:28:43 2014 +0200
committer	Paul Bakker <p.j.bakker@polarssl.org>	Fri Apr 11 13:58:05 2014 +0200
tree	504504acbbacc30bac82d62c242b55b33b207ef3
parent	d6ad8e949b3dce716601ea269e095db1b617533a [diff] [blame]