From: Tomas Mraz <tomas@openssl.org>
Date: Thu, 11 Sep 2025 16:43:55 +0000 (+0200)
Subject: use_proxy(): Add missing terminating NUL byte
X-Git-Tag: openssl-3.3.5~5
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=bbf38c034cdabd0a13330abcc4855c866f53d2e0;p=thirdparty%2Fopenssl.git

use_proxy(): Add missing terminating NUL byte

Fixes CVE-2025-9232

There is a missing terminating NUL byte after strncpy() call.
Issue and a proposed fix reported by Stanislav Fort (Aisle Research).

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit 6bca15039e99d37ce3a3564eb862a3b1ff40e63d)
---

diff --git a/crypto/http/http_lib.c b/crypto/http/http_lib.c
index 4838d3ae2e6..9b1c39b39a9 100644
--- a/crypto/http/http_lib.c
+++ b/crypto/http/http_lib.c
@@ -261,6 +261,7 @@ static int use_proxy(const char *no_proxy, const char *server)
         /* strip leading '[' and trailing ']' from escaped IPv6 address */
         sl -= 2;
         strncpy(host, server + 1, sl);
+        host[sl] = '\0';
         server = host;
     }