-
Type: Bug
-
Resolution: Fixed
-
Priority: Major - P3
-
Affects Version/s: None
-
Component/s: tls
-
None
MultiByteToWideChar documents:
Calling this function can easily cause a buffer overrun because the size of the input buffer indicated by lpMultiByteStr equals the number of bytes in the string, while the size of the output buffer indicated by lpWideCharStr equals the number of characters.
In mongoc_secure_channel_setup_crl it appears we have the same issue:
str = (LPWSTR) bson_malloc0 (chars); MultiByteToWideChar (CP_ACP, 0, opt->crl_file, -1, str, chars);
This allocates chars bytes, but should be allocating chars number of wchar_t (2 bytes each).
This was discovered when manually testing the crl_file on Windows to document how OCSP interacts with the crl_file option.
- related to
-
CDRIVER-3586 Test crl_file for all TLS implementations
- Backlog