From: tb Date: Tue, 23 May 2023 11:04:04 +0000 (+0000) Subject: Always NUL terminate buf in OBJ_obj2txt() X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=04bfea2a9ceb89b409706a2dfd614cd46b3b785f;p=openbsd Always NUL terminate buf in OBJ_obj2txt() OBJ_obj2txt() is often called without error checking and is used for reporting unexpected or malformed objects. As such, we should ensure buf is a string even on failure. This had long been the case before it was lost in a recent rewrite. If obj and obj->data are both non-NULL this is already taken care of by i2t_ASN1_OBJECT_internal(), so many callers were still safe. ok miod --- diff --git a/lib/libcrypto/objects/obj_dat.c b/lib/libcrypto/objects/obj_dat.c index 6adc4068a31..fcc21ddfb42 100644 --- a/lib/libcrypto/objects/obj_dat.c +++ b/lib/libcrypto/objects/obj_dat.c @@ -1,4 +1,4 @@ -/* $OpenBSD: obj_dat.c,v 1.51 2022/12/26 07:18:52 jmc Exp $ */ +/* $OpenBSD: obj_dat.c,v 1.52 2023/05/23 11:04:04 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -499,6 +499,9 @@ OBJ_txt2obj(const char *s, int no_name) int OBJ_obj2txt(char *buf, int buf_len, const ASN1_OBJECT *aobj, int no_name) { + if (buf_len > 0) + buf[0] = '\0'; + if (aobj == NULL || aobj->data == NULL) return 0;