From: Daniel Stenberg Date: Sat, 3 May 2014 22:50:10 +0000 (+0200) Subject: openssl: biomem->data is not zero terminated X-Git-Tag: curl-7_37_0~85 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=21aafd09f6758352cf2d70cbe5cc8ea018354d63;p=thirdparty%2Fcurl.git openssl: biomem->data is not zero terminated So printf(%s) on it or reading before bounds checking is wrong, fixing it. Could previously lead to reading out of boundary. Reported-by: Török Edwin --- diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c index b59233a252..5a665661f4 100644 --- a/lib/vtls/openssl.c +++ b/lib/vtls/openssl.c @@ -2117,7 +2117,7 @@ static int X509V3_ext(struct SessionHandle *data, sep=", "; j++; /* skip the newline */ }; - while((biomem->data[j] == ' ') && (j<(size_t)biomem->length)) + while((j<(size_t)biomem->length) && (biomem->data[j] == ' ')) j++; if(j<(size_t)biomem->length) ptr+=snprintf(ptr, sizeof(buf)-(ptr-buf), "%s%c", sep, @@ -2159,8 +2159,6 @@ static void dumpcert(struct SessionHandle *data, X509 *x, int numcert) BIO_get_mem_ptr(bio_out, &biomem); - infof(data, "%s\n", biomem->data); - Curl_ssl_push_certinfo_len(data, numcert, "Cert", biomem->data, biomem->length);
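Review bot: In the X509V3_ext hunk, the reordered `while` condition is right, but nothing at that spot records why the order matters. Add a short comment above the loop stating that biomem->data is not zero terminated and may only be indexed after `j` has been compared against biomem->length. The same test `j<(size_t)biomem->length` appears again in the `if` directly below, so holding the length in a local size_t would remove the repeated cast and make the invariant easier to see. The `j++; /* skip the newline */` in the context lines above increments without a visible check, which is safe only as long as every later read of biomem->data[j] is guarded; it is worth confirming that this holds for the rest of the loop.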
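Review bot: In the dumpcert hunk, dropping `infof(data, "%s\n", biomem->data);` also drops the certificate text from the verbose output, and the commit message does not say whether that loss is intended. If the output is still wanted, print it with an explicit length (for example a `%.*s` conversion bounded by biomem->length) rather than `%s`; otherwise mention the removal in the commit message. A one-line comment at the Curl_ssl_push_certinfo_len call, noting that this buffer must always be passed together with its length, would help keep a later `%s` from coming back.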