From 63559e142eb71a5e38dfc55d429f35f6e1af0b7c Mon Sep 17 00:00:00 2001
From: Steffan Karger <steffan@karger.me>
Date: Thu, 5 Mar 2015 22:58:36 +0100
Subject: polarssl: make sure to always null-terminate the cn

Just a precaution, this could never fail in the current code since in the
one place this function is called, the cn is already zero-initialized.

Signed-off-by: Steffan Karger <steffan@karger.me>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <1425592716-14243-2-git-send-email-steffan@karger.me>
URL: http://article.gmane.org/gmane.network.openvpn.devel/9511
Signed-off-by: Gert Doering <gert@greenie.muc.de>
---
 src/openvpn/ssl_verify_polarssl.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

(limited to 'src/openvpn/ssl_verify_polarssl.c')

diff --git a/src/openvpn/ssl_verify_polarssl.c b/src/openvpn/ssl_verify_polarssl.c
index e21301d..2edf21d 100644
--- a/src/openvpn/ssl_verify_polarssl.c
+++ b/src/openvpn/ssl_verify_polarssl.c
@@ -115,7 +115,10 @@ backend_x509_get_username (char *cn, int cn_len,
 
   /* Found, extract CN */
   if (cn_len > name->val.len)
-    memcpy( cn, name->val.p, name->val.len );
+    {
+      memcpy( cn, name->val.p, name->val.len );
+      cn[name->val.len] = '\0';
+    }
   else
     {
       memcpy( cn, name->val.p, cn_len);
-- 
cgit