From 04c84548c2e1f3ef55b6737b454ba5b4d903b319 Mon Sep 17 00:00:00 2001
From: Guido Vranken <guidovranken@gmail.com>
Date: Sat, 13 May 2017 12:37:50 +0200
Subject: [PATCH] Avoid a 1 byte overcopy in x509_get_subject
 (ssl_verify_openssl.c)

Trac: #890

Signed-off-by: Guido Vranken <guidovranken@gmail.com>
Acked-by: Steffan Karger <steffan.karger@fox-it.com>
Message-Id: <CAO5O-EKGgpYAsJC5j+osB_LAteoUDbOwVYVqkB2=cA3a6VVHoA@mail.gmail.com>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg14649.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
---
 src/openvpn/ssl_verify_openssl.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/openvpn/ssl_verify_openssl.c b/src/openvpn/ssl_verify_openssl.c
index 8374783ea..d64f83c91 100644
--- a/src/openvpn/ssl_verify_openssl.c
+++ b/src/openvpn/ssl_verify_openssl.c
@@ -285,11 +285,11 @@ x509_get_subject (X509 *cert, struct gc_arena *gc)
 
   BIO_get_mem_ptr (subject_bio, &subject_mem);
 
-  maxlen = subject_mem->length + 1;
-  subject = gc_malloc (maxlen, false, gc);
+  maxlen = subject_mem->length;
+  subject = gc_malloc (maxlen+1, false, gc);
 
   memcpy (subject, subject_mem->data, maxlen);
-  subject[maxlen - 1] = '\0';
+  subject[maxlen] = '\0';
 
 err:
   if (subject_bio)
-- 
2.47.2