From 8984dfbc963f52e9d49146ebd1d82a032b2b138d Mon Sep 17 00:00:00 2001
From: beck <beck@openbsd.org>
Date: Wed, 14 Oct 2015 21:02:08 +0000
Subject: [PATCH] Ensure we don't write a 0 byte past end of the buffer in the
 error case. ok bcook@ deraadt@

---
 lib/libcrypto/objects/obj_dat.c         | 6 +++---
 lib/libssl/src/crypto/objects/obj_dat.c | 6 +++---
 2 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/lib/libcrypto/objects/obj_dat.c b/lib/libcrypto/objects/obj_dat.c
index 15c298e3330..82ebb9b1d20 100644
--- a/lib/libcrypto/objects/obj_dat.c
+++ b/lib/libcrypto/objects/obj_dat.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: obj_dat.c,v 1.31 2014/08/08 04:53:43 guenther Exp $ */
+/* $OpenBSD: obj_dat.c,v 1.32 2015/10/14 21:02:08 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -574,7 +574,7 @@ OBJ_obj2txt(char *buf, int buf_len, const ASN1_OBJECT *a, int no_name)
 			if (i == -1)
 				goto err;
 			if (i >= buf_len) {
-				buf += buf_len;
+				buf += buf_len - 1;
 				buf_len = 0;
 			} else {
 				buf += i;
@@ -586,7 +586,7 @@ OBJ_obj2txt(char *buf, int buf_len, const ASN1_OBJECT *a, int no_name)
 			if (i == -1)
 				goto err;
 			if (i >= buf_len) {
-				buf += buf_len;
+				buf += buf_len - 1;
 				buf_len = 0;
 			} else {
 				buf += i;
diff --git a/lib/libssl/src/crypto/objects/obj_dat.c b/lib/libssl/src/crypto/objects/obj_dat.c
index 15c298e3330..82ebb9b1d20 100644
--- a/lib/libssl/src/crypto/objects/obj_dat.c
+++ b/lib/libssl/src/crypto/objects/obj_dat.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: obj_dat.c,v 1.31 2014/08/08 04:53:43 guenther Exp $ */
+/* $OpenBSD: obj_dat.c,v 1.32 2015/10/14 21:02:08 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -574,7 +574,7 @@ OBJ_obj2txt(char *buf, int buf_len, const ASN1_OBJECT *a, int no_name)
 			if (i == -1)
 				goto err;
 			if (i >= buf_len) {
-				buf += buf_len;
+				buf += buf_len - 1;
 				buf_len = 0;
 			} else {
 				buf += i;
@@ -586,7 +586,7 @@ OBJ_obj2txt(char *buf, int buf_len, const ASN1_OBJECT *a, int no_name)
 			if (i == -1)
 				goto err;
 			if (i >= buf_len) {
-				buf += buf_len;
+				buf += buf_len - 1;
 				buf_len = 0;
 			} else {
 				buf += i;
-- 
2.20.1