* src/ne_gnutls.c (check_identity): Ensure that strings are NUL terminated

since this is not explicitly guaranteed by the GnuTLS API.


git-svn-id: http://svn.webdav.org/repos/projects/neon/trunk@1371 61a7d7f5-40b7-0310-9c16-bb0ea8cb1845

1 files changed, 4 insertions, 1 deletions

diff --git a/src/ne_gnutls.c b/src/ne_gnutls.c
index 2629a99..8fd9325 100644
--- a/src/ne_gnutls.c
+++ b/src/ne_gnutls.c
@@ -362,11 +362,12 @@ static int check_identity(const ne_uri *server, gnutls_x509_crt cert,
     hostname = server ? server->host : "";
 
     do {
-        len = sizeof name;
+        len = sizeof name - 1;
         ret = gnutls_x509_crt_get_subject_alt_name(cert, seq, name, &len,
                                                    &critical);
         switch (ret) {
         case GNUTLS_SAN_DNSNAME:
+            name[len] = '\0';
             if (identity && !found) *identity = ne_strdup(name);
             match = match_hostname(name, hostname);
             found = 1;
@@ -396,6 +397,8 @@ static int check_identity(const ne_uri *server, gnutls_x509_crt cert,
         case GNUTLS_SAN_URI: {
             ne_uri uri;
             
+            name[len] = '\0';
+            
             if (ne_uri_parse(name, &uri) == 0 && uri.host && uri.scheme) {
                 ne_uri tmp;