From: Matt Caswell <matt@openssl.org>
Date: Wed, 18 Aug 2021 16:37:41 +0000 (+0100)
Subject: Fix test code to not assume NUL terminated strings
X-Git-Tag: OpenSSL_1_1_1l~12
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=4de66925203ca99189c842136ec4a623137ea447;p=thirdparty%2Fopenssl.git

Fix test code to not assume NUL terminated strings

ASN.1 strings may not be NUL terminated. Don't assume they are.

CVE-2021-3712

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
---

diff --git a/test/x509_time_test.c b/test/x509_time_test.c
index b6fd38a5c58..d0993d9c041 100644
--- a/test/x509_time_test.c
+++ b/test/x509_time_test.c
@@ -330,10 +330,12 @@ static int test_x509_time(int idx)
 
     /* if t is not NULL but expected_string is NULL, it is an 'OK' case too */
     if (t != NULL && x509_format_tests[idx].expected_string) {
-        if (!TEST_str_eq((const char *)t->data,
-                    x509_format_tests[idx].expected_string)) {
-            TEST_info("test_x509_time(%d) failed: expected_string %s, got %s\n",
-                    idx, x509_format_tests[idx].expected_string, t->data);
+        if (!TEST_mem_eq((const char *)t->data, t->length,
+                    x509_format_tests[idx].expected_string,
+                    strlen(x509_format_tests[idx].expected_string))) {
+            TEST_info("test_x509_time(%d) failed: expected_string %s, got %.*s\n",
+                    idx, x509_format_tests[idx].expected_string, t->length,
+                    t->data);
             goto out;
         }
     }