From: tedu <tedu@openbsd.org>
Date: Wed, 14 Oct 2015 21:54:10 +0000 (+0000)
Subject: better fix for overrun reported by Qualys Security.
X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=fe547197fae5bcefba6436bbe7d5442719d0f667;p=openbsd

better fix for overrun reported by Qualys Security.
buf is at all times kept nul terminated, so there is no need to enforce
this again upon exit. (no need to move buf around after we exahust space.)
ok beck miod
---

diff --git a/lib/libcrypto/objects/obj_dat.c b/lib/libcrypto/objects/obj_dat.c
index dd5d50122b9..627f3230a7c 100644
--- a/lib/libcrypto/objects/obj_dat.c
+++ b/lib/libcrypto/objects/obj_dat.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: obj_dat.c,v 1.34 2015/10/14 21:25:16 beck Exp $ */
+/* $OpenBSD: obj_dat.c,v 1.35 2015/10/14 21:54:10 tedu Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -580,7 +580,6 @@ OBJ_obj2txt(char *buf, int buf_len, const ASN1_OBJECT *a, int no_name)
 			if (i == -1)
 				goto err;
 			if (i >= buf_len) {
-				buf += buf_len - 1;
 				buf_len = 0;
 			} else {
 				buf += i;
@@ -592,7 +591,6 @@ OBJ_obj2txt(char *buf, int buf_len, const ASN1_OBJECT *a, int no_name)
 			if (i == -1)
 				goto err;
 			if (i >= buf_len) {
-				buf += buf_len - 1;
 				buf_len = 0;
 			} else {
 				buf += i;
@@ -609,7 +607,6 @@ out:
 
 err:
 	ret = 0;
-	buf[0] = '\0';
 	goto out;
 }
 
diff --git a/lib/libssl/src/crypto/objects/obj_dat.c b/lib/libssl/src/crypto/objects/obj_dat.c
index dd5d50122b9..627f3230a7c 100644
--- a/lib/libssl/src/crypto/objects/obj_dat.c
+++ b/lib/libssl/src/crypto/objects/obj_dat.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: obj_dat.c,v 1.34 2015/10/14 21:25:16 beck Exp $ */
+/* $OpenBSD: obj_dat.c,v 1.35 2015/10/14 21:54:10 tedu Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -580,7 +580,6 @@ OBJ_obj2txt(char *buf, int buf_len, const ASN1_OBJECT *a, int no_name)
 			if (i == -1)
 				goto err;
 			if (i >= buf_len) {
-				buf += buf_len - 1;
 				buf_len = 0;
 			} else {
 				buf += i;
@@ -592,7 +591,6 @@ OBJ_obj2txt(char *buf, int buf_len, const ASN1_OBJECT *a, int no_name)
 			if (i == -1)
 				goto err;
 			if (i >= buf_len) {
-				buf += buf_len - 1;
 				buf_len = 0;
 			} else {
 				buf += i;
@@ -609,7 +607,6 @@ out:
 
 err:
 	ret = 0;
-	buf[0] = '\0';
 	goto out;
 }