Commit 21aafd09 authored by Daniel Stenberg

openssl: biomem->data is not zero terminated

So using printf(%s) on it, or reading from it before bounds checking, is
wrong; this fixes both. Previously this could lead to an out-of-bounds read.

Reported-by: Török Edwin
parent 45c037a1
+1 −3
@@ -2117,7 +2117,7 @@ static int X509V3_ext(struct SessionHandle *data,
        sep=", ";
        j++; /* skip the newline */
      };
      while((biomem->data[j] == ' ') && (j<(size_t)biomem->length))
      while((j<(size_t)biomem->length) && (biomem->data[j] == ' '))
        j++;
      if(j<(size_t)biomem->length)
        ptr+=snprintf(ptr, sizeof(buf)-(ptr-buf), "%s%c", sep,
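Review bot: The `ptr+=snprintf(ptr, sizeof(buf)-(ptr-buf), ...)` accumulation in the context line after the fixed loop is only safe if `snprintf` here returns the number of bytes actually stored. With C99 semantics a truncated call returns the would-be length, which would move `ptr` past the end of `buf` and make the next size argument wrap to a very large `size_t`. If the project maps `snprintf` to its own implementation with a bounded return, a comment such as `/* snprintf here never returns more than the space given */` would record that; otherwise the loop should stop once `ptr-buf` reaches `sizeof(buf)`. The statement and the rest of X509V3_ext continue outside the hunk, so this is based only on the visible lines.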
@@ -2159,8 +2159,6 @@ static void dumpcert(struct SessionHandle *data, X509 *x, int numcert)

  BIO_get_mem_ptr(bio_out, &biomem);

  infof(data, "%s\n", biomem->data);

  Curl_ssl_push_certinfo_len(data, numcert,
                             "Cert", biomem->data, biomem->length);