CVSROOT: /cvs Module name: src Changes by: t...@cvs.openbsd.org 2022/03/26 10:34:21
Modified files: lib/libcrypto/x509: x509_alt.c x509_constraints.c Log message: name constraints: be more careful with NULs An IA5STRING is a Pascal string that can have embedded NULs and is not NUL terminated (except that for legacy reasons it happens to be). Instead of taking the strlen(), use the already known ASN.1 length and use strndup() instead of strdup() to generate NUL terminated strings after some existing code has checked that there are no embedded NULs. In v2i_GENERAL_NAME_ex() use %.*s to print the bytes. This is not optimal and might be switched to using strvis() later. ok beck inoguchi jsing