Fix off-by-one size computation that leads to truncated strings.

Reported by Tim Kosse <tim.kosse@filezilla-project.org> in <http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3651>.
author: Simon Josefsson <simon@josefsson.org> 2009-06-22 11:30:05 +0200
committer: Simon Josefsson <simon@josefsson.org> 2009-06-22 11:30:05 +0200
commit: 2773e82dd323c2699f6846a7691bf4fba697703f (patch)
tree: 54652bdfa8981e90d2903d03830cb5b72229fe3d /lib/x509/dn.c
parent: a8ef0939642f38c2788fed35cbc5cc665786b408 (diff)
download: gnutls-2773e82dd323c2699f6846a7691bf4fba697703f.tar.gz
1 files changed, 4 insertions, 3 deletions
diff --git a/lib/x509/dn.c b/lib/x509/dn.c
index 662fd9f236..daf14dfece 100644
--- a/lib/x509/dn.c
+++ b/lib/x509/dn.c
@@ -36,7 +36,7 @@
  */
 
 /* Converts the given OID to an ldap acceptable string or
- * a dotted OID. 
+ * a dotted OID.
  */
 static const char *
 oid2ldap_string (const char *oid)
@@ -240,7 +240,8 @@ _gnutls_x509_parse_dn (ASN1_TYPE asn1_struct,
 	  ldap_desc = oid2ldap_string (oid);
 	  printable = _gnutls_x509_oid_data_printable (oid);
 
-	  sizeof_escaped = 2 * len + 1;
+	  /* leading #, hex encoded value and terminating NULL */
+	  sizeof_escaped = 2 * len + 2;
 
 	  escaped = gnutls_malloc (sizeof_escaped);
 	  if (escaped == NULL)
@@ -310,7 +311,7 @@ _gnutls_x509_parse_dn (ASN1_TYPE asn1_struct,
       _gnutls_string_get_data( &out_str, buf, sizeof_buf);
       buf[*sizeof_buf] = 0;
     }
-  else 
+  else
     *sizeof_buf = out_str.length;
 
   result = 0;
author	Simon Josefsson <simon@josefsson.org>	2009-06-22 11:30:05 +0200
committer	Simon Josefsson <simon@josefsson.org>	2009-06-22 11:30:05 +0200
commit	2773e82dd323c2699f6846a7691bf4fba697703f (patch)
tree	54652bdfa8981e90d2903d03830cb5b72229fe3d /lib/x509/dn.c
parent	a8ef0939642f38c2788fed35cbc5cc665786b408 (diff)
download	gnutls-2773e82dd323c2699f6846a7691bf4fba697703f.tar.gz