Fix off-by-one size computation that leads to truncated strings.

Reported by Tim Kosse <tim.kosse@filezilla-project.org> in <http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3651>.
author: Simon Josefsson <simon@josefsson.org> 2009-06-22 11:30:05 +0200
committer: Simon Josefsson <simon@josefsson.org> 2009-08-07 00:58:23 +0200
commit: 34b25074bcf6c8472fe5b0b5391880fb64f53e09 (patch)
tree: b5a80aeb6bcc57f8a73b430b7982ccb2b5a76b7c
parent: a86117380dca2b4e2d0dae4eef5d2fa56feb8305 (diff)
download: gnutls-34b25074bcf6c8472fe5b0b5391880fb64f53e09.tar.gz
1 files changed, 4 insertions, 3 deletions
diff --git a/lib/x509/dn.c b/lib/x509/dn.c
index 662fd9f236..daf14dfece 100644
--- a/lib/x509/dn.c
+++ b/lib/x509/dn.c
@@ -36,7 +36,7 @@
  */
 
 /* Converts the given OID to an ldap acceptable string or
- * a dotted OID. 
+ * a dotted OID.
  */
 static const char *
 oid2ldap_string (const char *oid)
@@ -240,7 +240,8 @@ _gnutls_x509_parse_dn (ASN1_TYPE asn1_struct,
 	  ldap_desc = oid2ldap_string (oid);
 	  printable = _gnutls_x509_oid_data_printable (oid);
 
-	  sizeof_escaped = 2 * len + 1;
+	  /* leading #, hex encoded value and terminating NULL */
+	  sizeof_escaped = 2 * len + 2;
 
 	  escaped = gnutls_malloc (sizeof_escaped);
 	  if (escaped == NULL)
@@ -310,7 +311,7 @@ _gnutls_x509_parse_dn (ASN1_TYPE asn1_struct,
       _gnutls_string_get_data( &out_str, buf, sizeof_buf);
       buf[*sizeof_buf] = 0;
     }
-  else 
+  else
     *sizeof_buf = out_str.length;
 
   result = 0;
author	Simon Josefsson <simon@josefsson.org>	2009-06-22 11:30:05 +0200
committer	Simon Josefsson <simon@josefsson.org>	2009-08-07 00:58:23 +0200
commit	34b25074bcf6c8472fe5b0b5391880fb64f53e09 (patch)
tree	b5a80aeb6bcc57f8a73b430b7982ccb2b5a76b7c
parent	a86117380dca2b4e2d0dae4eef5d2fa56feb8305 (diff)
download	gnutls-34b25074bcf6c8472fe5b0b5391880fb64f53e09.tar.gz