Fix loading inline tls-crypt-v2 keys with mbed TLS

Using a tls-crypt-v2 key with mbed TLS inline results in

PEM decode error: source buffer not null-terminated

This is because the mbed TLS decode PEM function excepts the last byte
in the buffer to be 0x00. When constructing the buffer we only made as
big as strlen, which does not include the 0x00 byte of a string. Add an
extra byte to ensure also the null byte is included in the buffer.
Acked-by: Steffan Karger <steffan.karger@fox-it.com>
Message-Id: <20190114154819.6064-1-arne@rfc2549.org>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg18091.html

Signed-off-by: Gert Doering <gert@greenie.muc.de>

diff --git a/src/openvpn/tls_crypt.c b/src/openvpn/tls_crypt.c
index 85495d7f54249f5afbbd0734f826fc3d9f527c30..6bc2b7f8a94faf614ee968111f3a2e0a9b9b2656 100644 (file)
--- a/src/openvpn/tls_crypt.c
+++ b/src/openvpn/tls_crypt.c
@@ -298,7 +298,7 @@ tls_crypt_v2_read_keyfile(struct buffer *key, const char *pem_name,
     }
     else
     {
-        buf_set_read(&key_pem, (const void *)key_inline, strlen(key_inline));
+        buf_set_read(&key_pem, (const void *)key_inline, strlen(key_inline) + 1);
     }
 
     if (!crypto_pem_decode(pem_name, key, &key_pem))