ASN1: Fix stack variable overwrite when encoding OID.

The call to sscanf specifies a format string of "%lu", a long unsigned
int.  The pointer argument was cast to unsigned long *, but this is
wrong for 64 bit systems.  On 64 bit systems, unsigned long is 64 bits,
but the oid value is a SilcUInt32 on all systems.  As a result, sscanf
will overwrite a neighboring variable on the stack.  Fix this by
changing the format string to "%u" and removing the cast.

diff --git a/lib/silcasn1/silcasn1_encode.c b/lib/silcasn1/silcasn1_encode.c
index 11b963ecb6fca8139a54caa5621376aef740f64d..986909c4d7348cdd43e4146dc9cb9f217510e381 100644 (file)
--- a/lib/silcasn1/silcasn1_encode.c
+++ b/lib/silcasn1/silcasn1_encode.c
@@ -351,7 +351,7 @@ silc_asn1_encoder(SilcAsn1 asn1, SilcStack stack1, SilcStack stack2,
        /* Get OID words from the string */
        cp = strchr(oidstr, '.');
        while (cp) {
        /* Get OID words from the string */
        cp = strchr(oidstr, '.');
        while (cp) {

-         if (sscanf(oidstr, "%lu", (unsigned long *)&oid) != 1) {
+         if (sscanf(oidstr, "%u", &oid) != 1) {

            SILC_LOG_DEBUG(("Malformed OID string"));
            goto fail;
          }
            SILC_LOG_DEBUG(("Malformed OID string"));
            goto fail;
          }


@@ -362,7 +362,7 @@ silc_asn1_encoder(SilcAsn1 asn1, SilcStack stack1, SilcStack stack2,
          cp = strchr(oidstr, '.');
 
          if (!cp) {
          cp = strchr(oidstr, '.');
 
          if (!cp) {

-           if (sscanf(oidstr, "%lu", (unsigned long *)&oid) != 1) {
+           if (sscanf(oidstr, "%u", &oid) != 1) {

              SILC_LOG_DEBUG(("Malformed OID string"));
              goto fail;
            }
              SILC_LOG_DEBUG(("Malformed OID string"));
              goto fail;
            }