From: Kp
Date: Sat, 31 May 2008 21:37:45 +0000 (-0500)
Subject: ASN1: Fix stack variable overwrite when encoding OID.
X-Git-Tag: silc.server.1.1.12~5^2
X-Git-Url: http://git.silcnet.org/gitweb/?p=silc.git;a=commitdiff_plain;h=ebfe5dc8641467efea3506a4797a2b1260b2da55
ASN1: Fix stack variable overwrite when encoding OID.
The call to sscanf specifies a format string of "%lu", a long unsigned int. The pointer argument was cast to unsigned long *, but this is wrong for 64 bit systems. On 64 bit systems, unsigned long is 64 bits, but the oid value is a SilcUInt32 on all systems. As a result, sscanf will overwrite a neighboring variable on the stack. Fix this by changing the format string to "%u" and removing the cast.
---
diff --git a/lib/silcasn1/silcasn1_encode.c b/lib/silcasn1/silcasn1_encode.c
index 11b963ec..986909c4 100644
--- a/lib/silcasn1/silcasn1_encode.c
+++ b/lib/silcasn1/silcasn1_encode.c
@@ -351,7 +351,7 @@ silc_asn1_encoder(SilcAsn1 asn1, SilcStack stack1, SilcStack stack2,
 /* Get OID words from the string */
 cp = strchr(oidstr, '.');
 while (cp) {
- if (sscanf(oidstr, "%lu", (unsigned long *)&oid) != 1) {
+ if (sscanf(oidstr, "%u", &oid) != 1) {
 SILC_LOG_DEBUG(("Malformed OID string"));
 goto fail;
 }
@@ -362,7 +362,7 @@ silc_asn1_encoder(SilcAsn1 asn1, SilcStack stack1, SilcStack stack2,
 cp = strchr(oidstr, '.');
 if (!cp) {
- if (sscanf(oidstr, "%lu", (unsigned long *)&oid) != 1) {
+ if (sscanf(oidstr, "%u", &oid) != 1) {
 SILC_LOG_DEBUG(("Malformed OID string"));
 goto fail;
 }
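Review bot: Both rewritten `sscanf(oidstr, "%u", &oid)` calls (the loop in the first hunk and the last-arc case in the second) still let malformed arcs past the "Malformed OID string" check. `%u` skips leading whitespace, accepts a sign, stops at the first non-digit without reporting the leftover, and its behaviour is undefined by the C standard when the digits do not fit the target, so distinct strings can end up encoding the same OID. The format is also only correct if `SilcUInt32` is a typedef of `unsigned int`, which is not visible here. A stricter parse with `strtoul` is sketched below for the loop; the last-arc case would test `*end != '\0'` instead of `end != cp`. The sketch needs `<errno.h>` and `<ctype.h>`, and silc_asn1_encoder's body continues outside both hunks.

```c
while (cp) {
  char *end;
  unsigned long arc;

  /* Accept only plain decimal digits that end exactly at the next '.'
     and fit in 32 bits; reject signs, whitespace and trailing junk. */
  errno = 0;
  arc = strtoul(oidstr, &end, 10);
  if (!isdigit((unsigned char)*oidstr) || end != cp ||
      errno == ERANGE || arc > 0xffffffffUL) {
    SILC_LOG_DEBUG(("Malformed OID string"));
    goto fail;
  }
  oid = (SilcUInt32)arc;
  /* … unchanged: encoding of the arc and advance to the next '.' … */
```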