CVSROOT: /cvs
Module name: src
Changes by: t...@cvs.openbsd.org 2022/03/26 10:34:21
Modified files:
lib/libcrypto/x509: x509_alt.c x509_constraints.c
Log message:
name constraints: be more careful with NULs
An IA5STRING is a Pascal string that can have embedded NULs and is
not NUL terminated (except that for legacy reasons it happens to be).
Instead of taking the strlen(), use the already known ASN.1 length and
use strndup() instead of strdup() to generate NUL terminated strings
after some existing code has checked that there are no embedded NULs.
In v2i_GENERAL_NAME_ex() use %.*s to print the bytes. This is not
optimal and might be switched to using strvis() later.
ok beck inoguchi jsing
