
rhel 6
buffer weakness #4


Weakness Breakdown


Buffer overflows are one of the most well-known software vulnerabilities. Even though most developers know what buffer overflows are, attacks that exploit them remain common in both legacy and newer applications. A classic buffer overflow exploit begins with the attacker sending data to a program, which the program then stores in an undersized stack buffer. Besides stack buffer overflows, other kinds of buffer overflows include heap overflows, off-by-one errors and many others. Learn more about buffer overflows in the OWASP attack index.

Warning code(s):

Easily used incorrectly.

File Name:



The highlighted line of code below is the trigger point of this particular Red Hat Enterprise Linux 6 buffer weakness.

              do
                {
                  idx = i;
                  i = X509_NAME_get_index_by_NID (subj, NID_commonName, i);
                }
              while (i >= 0);

              if (idx >= 0
                  && (cn = X509_NAME_ENTRY_get_data (
                                X509_NAME_get_entry (subj, idx)
                                                     )) != NULL)
                {
                  unsigned char *str = NULL;
                  int len = ASN1_STRING_to_UTF8 (&str, cn);

                  if (str != NULL)
                    {
                      if (strlen ((char *) str) == len
                          && match_domain (session->host, (char *) str))
                        ok = 1;
                      else
                        {
                          /* buf is emptied first, so this strncat appends at
                             most sizeof buf - 1 bytes plus the terminating NUL
                             (buf's declaration is outside this excerpt).  */
                          buf[0] = '\0';
                          strncat (buf, (char *) str, sizeof buf - 1);
                        }
                      OPENSSL_free (str);
                    }
                }
            }
        }

      if (!ok && session->event_cb != NULL)
        (*session->event_cb) (session, SMTP_EV_WRONG_PEER_CERTIFICATE,
                              session->event_cb_arg, &ok, buf, ssl);

      X509_free (cert);
    }
  return ok;
}

void
cmd_starttls (siobuf_t conn, smtp_session_t session)
{
  sio_write (conn, "STARTTLS\r\n", -1);
  session->cmd_state = -1;
}

void
rsp_starttls (siobuf_t conn, smtp_session_t session)
