UI_UTIL_wrap_read_pem_callback: make sure to terminate the string received

The callback we're wrapping around may or may not return a NUL-terminated string. Let's ensure it is. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3791)
author: Richard Levitte <levitte@openssl.org> 2017-06-28 11:17:24 +0200
committer: Richard Levitte <levitte@openssl.org> 2017-06-28 14:24:28 +0200
commit: 3816be5d4a6a1f17dc4b7d398c42398c48e62e1a (patch)
tree: f0615364a3785982a69a274360a25d8053252a2e
parent: e041f3b8baf3b9a2d57f5eb818a6b0aebd96e953 (diff)
download: openssl-new-3816be5d4a6a1f17dc4b7d398c42398c48e62e1a.tar.gz
1 files changed, 3 insertions, 1 deletions
diff --git a/crypto/ui/ui_util.c b/crypto/ui/ui_util.c
index 67b2ec2229..dbfeeccffb 100644
--- a/crypto/ui/ui_util.c
+++ b/crypto/ui/ui_util.c
@@ -104,7 +104,7 @@ static int ui_read(UI *ui, UI_STRING *uis)
     switch (UI_get_string_type(uis)) {
     case UIT_PROMPT:
         {
-            char result[PEM_BUFSIZE];
+            char result[PEM_BUFSIZE + 1];
             const struct pem_password_cb_data *data =
                 UI_method_get_ex_data(UI_get_method(ui), ui_method_data_index);
             int maxsize = UI_get_result_maxsize(uis);
@@ -112,6 +112,8 @@ static int ui_read(UI *ui, UI_STRING *uis)
                                maxsize > PEM_BUFSIZE ? PEM_BUFSIZE : maxsize,
                                data->rwflag, UI_get0_user_data(ui));
 
+            if (len >= 0)
+                result[len] = '\0';
             if (len <= 0)
                 return len;
             if (UI_set_result(ui, uis, result) >= 0)
author	Richard Levitte <levitte@openssl.org>	2017-06-28 11:17:24 +0200
committer	Richard Levitte <levitte@openssl.org>	2017-06-28 14:24:28 +0200
commit	3816be5d4a6a1f17dc4b7d398c42398c48e62e1a (patch)
tree	f0615364a3785982a69a274360a25d8053252a2e
parent	e041f3b8baf3b9a2d57f5eb818a6b0aebd96e953 (diff)
download	openssl-new-3816be5d4a6a1f17dc4b7d398c42398c48e62e1a.tar.gz