Buffer overflow in _gnutls_bin2hex()
This code path may never be reached in practice, but it is better to be cautious.
If oldlen == 0, a buffer overflow occurs.
@@ -454,13 +459,15 @@ char *_gnutls_bin2hex(const void *_old, size_t oldlen, char *buffer,
}
i = j = 0;
- sprintf(&buffer[j], "%.2x", old[i]);
- j += 2;
- i++;
-
- for (; i < oldlen && j + step < buffer_size; j += step) {
- sprintf(&buffer[j], "%s%.2x", separator, old[i]);
+ if (oldlen > 0) {
+ sprintf(&buffer[j], "%.2x", old[i]);
+ j += 2;
i++;
+
+ for (; i < oldlen && j + step < buffer_size; j += step) {
+ sprintf(&buffer[j], "%s%.2x", separator, old[i]);
+ i++;
+ }
}
buffer[j] = '\0';
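Review bot: Both `sprintf` calls still write without a length, so the only thing keeping the separator write inside `buffer` is the loop guard `j + step < buffer_size`, which holds only if `step` equals the separator length plus two hex digits. `step` and any minimum-size check on `buffer_size` are set before this hunk and are not visible here, so this should be confirmed; a separator longer than `step` assumes could still overrun the buffer. Bounding the writes removes that dependency: `snprintf(&buffer[j], buffer_size - j, "%s%.2x", separator, old[i]);`, and likewise for the first byte. A comment above `if (oldlen > 0)` such as `/* empty input yields an empty string; old[0] must not be read */` would record why the guard exists.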