Fix test code to not assume NUL terminated strings

ASN.1 strings may not be NUL terminated. Don't assume they are. CVE-2021-3712 Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: David Benjamin <davidben@google.com>
author: Matt Caswell <matt@openssl.org> 2021-08-18 17:37:41 +0100
committer: Matt Caswell <matt@openssl.org> 2021-08-24 14:22:06 +0100
commit: 1f365708a3318a5f1a395f90c38b584a58d37fb9 (patch)
tree: 63f8f2b9cbe96056c3f136621de4d3097bd6d049 /test/helpers
parent: 95f8c1e142df835d03b5b62521383a462fc5470d (diff)
download: openssl-new-1f365708a3318a5f1a395f90c38b584a58d37fb9.tar.gz
1 files changed, 5 insertions, 2 deletions
diff --git a/test/helpers/pkcs12.c b/test/helpers/pkcs12.c
index cb94be7b88..a87683dc95 100644
--- a/test/helpers/pkcs12.c
+++ b/test/helpers/pkcs12.c
@@ -479,12 +479,15 @@ static int check_asn1_string(const ASN1_TYPE *av, const char *txt)
         break;
 
     case V_ASN1_UTF8STRING:
-        if (!TEST_str_eq(txt, (char *)av->value.utf8string->data))
+        if (!TEST_mem_eq(txt, strlen(txt), (char *)av->value.utf8string->data,
+                         av->value.utf8string->length))
             goto err;
         break;
 
     case V_ASN1_OCTET_STRING:
-        if (!TEST_str_eq(txt, (char *)av->value.octet_string->data))
+        if (!TEST_mem_eq(txt, strlen(txt),
+                         (char *)av->value.octet_string->data,
+                         av->value.octet_string->length))
             goto err;
         break;
author	Matt Caswell <matt@openssl.org>	2021-08-18 17:37:41 +0100
committer	Matt Caswell <matt@openssl.org>	2021-08-24 14:22:06 +0100
commit	1f365708a3318a5f1a395f90c38b584a58d37fb9 (patch)
tree	63f8f2b9cbe96056c3f136621de4d3097bd6d049 /test/helpers
parent	95f8c1e142df835d03b5b62521383a462fc5470d (diff)
download	openssl-new-1f365708a3318a5f1a395f90c38b584a58d37fb9.tar.gz