fix cmp mock server to not depend on NUL bytes in ASN1_STRING
authorBob Beck <beck@openssl.org>
Sat, 16 May 2026 17:29:07 +0000 (11:29 -0600)
committerNeil Horman <nhorman@openssl.org>
Wed, 20 May 2026 15:57:48 +0000 (11:57 -0400)
The ASN1_STRING documentation states that the addition of a NUL byte
is behavior that should not be depended upon.

The mock server calls strcmp on the bare data from an ASN1_STRING.
This only works if the data is NUL terminated.

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
MergeDate: Wed May 20 16:01:47 2026
(Merged from https://github.com/openssl/openssl/pull/31202)

apps/lib/cmp_mock_srv.c

index caae0ae3b80b33130f68e81edcab3bbb2e2a510a..43cf6af314c3a93042ec356a312e64b803b0831a 100644 (file)
@@ -345,6 +345,7 @@ static OSSL_CMP_PKISI *process_cert_request(OSSL_CMP_SRV_CTX *srv_ctx,
             STACK_OF(ASN1_UTF8STRING) *strs;
             ASN1_UTF8STRING *str;
             const char *data;
+            int len;
 
             if (OBJ_obj2nid(obj) == NID_id_it_certProfile) {
                 if (!OSSL_CMP_ITAV_get0_certProfile(itav, &strs))
@@ -359,7 +360,8 @@ static OSSL_CMP_PKISI *process_cert_request(OSSL_CMP_SRV_CTX *srv_ctx,
                     ERR_raise(ERR_LIB_CMP, ERR_R_PASSED_INVALID_ARGUMENT);
                     return NULL;
                 }
-                if (strcmp(data, "profile1") != 0) {
+                if (((len = ASN1_STRING_length(str)) != (int)sizeof("profile1") - 1)
+                    || memcmp(data, "profile1", len) != 0) {
                     ERR_raise(ERR_LIB_CMP, CMP_R_UNEXPECTED_CERTPROFILE);
                     return NULL;
                 }
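Review bot: The rewritten certProfile check assigns `len` inside the `if` condition and spells the `"profile1"` literal twice, so the length test and the `memcmp` can drift apart if the expected profile name is ever edited in only one place. Hoisting the assignment and naming the expected value once would read more safely: `static const char expected[] = "profile1";`, then `len = ASN1_STRING_length(str);` and `if (len != (int)(sizeof(expected) - 1) || memcmp(data, expected, (size_t)len) != 0) {`. A one-line comment above it, such as `/* ASN1_STRING data need not be NUL-terminated, so compare by length */`, would stop a later cleanup from reverting to `strcmp` and reintroducing the read past the end of the buffer. process_cert_request begins and ends outside this hunk, so how `data` is obtained and NULL-checked is not visible here.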