Avoid a 1 byte overcopy in x509_get_subject (ssl_verify_openssl.c)

Trac: #890

Signed-off-by: Guido Vranken <guidovranken@gmail.com>
Acked-by: Steffan Karger <steffan.karger@fox-it.com>
Message-Id: <CAO5O-EKGgpYAsJC5j+osB_LAteoUDbOwVYVqkB2=cA3a6VVHoA@mail.gmail.com>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg14649.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>

diff --git a/src/openvpn/ssl_verify_openssl.c b/src/openvpn/ssl_verify_openssl.c
index 8374783eab55c44663ac4fee8a79fc8b0ca82121..d64f83c911cdf69e9359cac162ffdc323109d5d9 100644 (file)
--- a/src/openvpn/ssl_verify_openssl.c
+++ b/src/openvpn/ssl_verify_openssl.c
@@ -285,11 +285,11 @@ x509_get_subject (X509 *cert, struct gc_arena *gc)
 
   BIO_get_mem_ptr (subject_bio, &subject_mem);
 
-  maxlen = subject_mem->length + 1;
-  subject = gc_malloc (maxlen, false, gc);
+  maxlen = subject_mem->length;
+  subject = gc_malloc (maxlen+1, false, gc);
 
   memcpy (subject, subject_mem->data, maxlen);
-  subject[maxlen - 1] = '\0';
+  subject[maxlen] = '\0';
 
 err:
   if (subject_bio)