From ebfe5dc8641467efea3506a4797a2b1260b2da55 Mon Sep 17 00:00:00 2001 From: Kp Date: Sat, 31 May 2008 16:37:45 -0500 Subject: [PATCH] ASN1: Fix stack variable overwrite when encoding OID. The call to sscanf specifies a format string of "%lu", a long unsigned int. The pointer argument was cast to unsigned long *, but this is wrong for 64 bit systems. On 64 bit systems, unsigned long is 64 bits, but the oid value is a SilcUInt32 on all systems. As a result, sscanf will overwrite a neighboring variable on the stack. Fix this by changing the format string to "%u" and removing the cast. --- lib/silcasn1/silcasn1_encode.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/silcasn1/silcasn1_encode.c b/lib/silcasn1/silcasn1_encode.c index 11b963ec..986909c4 100644 --- a/lib/silcasn1/silcasn1_encode.c +++ b/lib/silcasn1/silcasn1_encode.c @@ -351,7 +351,7 @@ silc_asn1_encoder(SilcAsn1 asn1, SilcStack stack1, SilcStack stack2, /* Get OID words from the string */ cp = strchr(oidstr, '.'); while (cp) { - if (sscanf(oidstr, "%lu", (unsigned long *)&oid) != 1) { + if (sscanf(oidstr, "%u", &oid) != 1) { SILC_LOG_DEBUG(("Malformed OID string")); goto fail; } @@ -362,7 +362,7 @@ silc_asn1_encoder(SilcAsn1 asn1, SilcStack stack1, SilcStack stack2, cp = strchr(oidstr, '.'); if (!cp) { - if (sscanf(oidstr, "%lu", (unsigned long *)&oid) != 1) { + if (sscanf(oidstr, "%u", &oid) != 1) { SILC_LOG_DEBUG(("Malformed OID string")); goto fail; } -- 2.24.0