From: Steffan Karger <steffan@karger.me>
Date: Thu, 5 Mar 2015 21:58:36 +0000 (+0100)
Subject: polarssl: make sure to always null-terminate the cn
X-Git-Tag: v2.4_alpha1~322
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=63559e142eb71a5e38dfc55d429f35f6e1af0b7c;p=thirdparty%2Fopenvpn.git

polarssl: make sure to always null-terminate the cn

Just a precaution, this could never fail in the current code since in the
one place this function is called, the cn is already zero-initialized.

Signed-off-by: Steffan Karger <steffan@karger.me>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <1425592716-14243-2-git-send-email-steffan@karger.me>
URL: http://article.gmane.org/gmane.network.openvpn.devel/9511
Signed-off-by: Gert Doering <gert@greenie.muc.de>
---

diff --git a/src/openvpn/ssl_verify_polarssl.c b/src/openvpn/ssl_verify_polarssl.c
index e21301d30..2edf21dd3 100644
--- a/src/openvpn/ssl_verify_polarssl.c
+++ b/src/openvpn/ssl_verify_polarssl.c
@@ -115,7 +115,10 @@ backend_x509_get_username (char *cn, int cn_len,
 
   /* Found, extract CN */
   if (cn_len > name->val.len)
-    memcpy( cn, name->val.p, name->val.len );
+    {
+      memcpy( cn, name->val.p, name->val.len );
+      cn[name->val.len] = '\0';
+    }
   else
     {
       memcpy( cn, name->val.p, cn_len);