From: Eugene Syromiatnikov <esyr@openssl.org>
Date: Wed, 27 Aug 2025 08:48:20 +0000 (+0200)
Subject: crypto/bio/bio_print.c: always terminate output with \0
X-Git-Tag: openssl-3.6.0-alpha1~35
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=7777db81f89020e08ded92cde6c2da3139a5e200;p=thirdparty%2Fopenssl.git

crypto/bio/bio_print.c: always terminate output with \0

Man page states that the result is terminated with \0 on error, however,
when the jump to the "out" label is performed in _dopr, writing out \0
is skipped.  Rearrange the end of the routine to make the "out" part
include the overflow calculation and the final \0 writing.

Signed-off-by: Eugene Syromiatnikov <esyr@openssl.org>

Reviewed-by: Saša Nedvědický <sashan@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28177)
---

diff --git a/crypto/bio/bio_print.c b/crypto/bio/bio_print.c
index 09ba69bad21..dc66603aad3 100644
--- a/crypto/bio/bio_print.c
+++ b/crypto/bio/bio_print.c
@@ -402,6 +402,9 @@ _dopr(char **sbuffer,
             break;
         }
     }
+    ret = 1;
+
+out:
     /*
      * We have to truncate if there is no dynamic buffer and we have filled the
      * static buffer.
@@ -411,12 +414,11 @@ _dopr(char **sbuffer,
         if (*truncated)
             desc.currlen = desc.maxlen - 1;
     }
+
     if (!doapr_outch(&desc, '\0'))
-        goto out;
-    *retlen = desc.currlen - 1;
-    ret = 1;
+        ret = 0;
 
-out:
+    *retlen = desc.currlen - 1;
     *sbuffer = desc.sbuffer;
     *maxlen = desc.maxlen;
 
diff --git a/test/bioprinttest.c b/test/bioprinttest.c
index d8d97553930..27dcc517ac1 100644
--- a/test/bioprinttest.c
+++ b/test/bioprinttest.c
@@ -139,6 +139,8 @@ static int test_zu(int i)
     char bio_buf[80];
     const z_data *data = &zu_data[i];
 
+    memset(bio_buf, '@', sizeof(bio_buf));
+
     BIO_snprintf(bio_buf, sizeof(bio_buf) - 1, data->format, data->value);
     if (!TEST_str_eq(bio_buf, data->expected))
         return 0;
@@ -167,6 +169,8 @@ static int test_j(int i)
     const j_data *data = &jf_data[i];
     char bio_buf[80];
 
+    memset(bio_buf, '@', sizeof(bio_buf));
+
     BIO_snprintf(bio_buf, sizeof(bio_buf) - 1, data->format, data->value);
     if (!TEST_str_eq(bio_buf, data->expected))
         return 0;
@@ -201,6 +205,8 @@ static int dofptest(int test, int sub, double val, const char *width, int prec)
     for (i = 0; i < (int)OSSL_NELEM(fspecs); i++) {
         const char *fspec = fspecs[i];
 
+        memset(result, '@', sizeof(result));
+
         if (prec >= 0)
             BIO_snprintf(format, sizeof(format), "%%%s.%d%s", width, prec,
                          fspec);