author | Florian Van Heghe <florian.van.heghe@guardsquare.com> | 2021-12-01 12:37:42 +0100 |
---|---|---|
committer | Daniel Stenberg <daniel@haxx.se> | 2021-12-02 11:15:05 +0100 |
commit | 456c53730d21b1fad0c7f72c1817999fba93d077 (patch) | |
tree | cf3be3731e79aa55ec572cac952e5298bc0ea8b4 | |
parent | 7da636cad560f1643004fac42363dde76e705d9f (diff) | |
mbedTLS: include NULL byte in blob data length for CURLOPT_CAINFO_BLOB
Fixes #8079
Closes #8081
-rw-r--r-- | lib/vtls/mbedtls.c | 9 |
1 files changed, 7 insertions, 2 deletions
diff --git a/lib/vtls/mbedtls.c b/lib/vtls/mbedtls.c
index ba5c5d756..7f1ff198c 100644
--- a/lib/vtls/mbedtls.c
+++ b/lib/vtls/mbedtls.c
@@ -320,9 +320,14 @@ mbed_connect_step1(struct Curl_easy *data, struct connectdata *conn,
 mbedtls_x509_crt_init(&backend->cacert);
 if(ca_info_blob) {
- const unsigned char *blob_data = (const unsigned char *)ca_info_blob->data;
+ unsigned char *blob_data = (unsigned char *)ca_info_blob->data;
+
+ /* mbedTLS expects the terminating NULL byte to be included in the length
+ of the data */
+ size_t blob_data_len = ca_info_blob->len + 1;
+
 ret = mbedtls_x509_crt_parse(&backend->cacert, blob_data,
- ca_info_blob->len);
+ blob_data_len);
 if(ret<0) {
 mbedtls_strerror(ret, errorbuf, sizeof(errorbuf)); |
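Review bot: `size_t blob_data_len = ca_info_blob->len + 1;` tells mbedtls_x509_crt_parse() to read one byte more than the length declared for the blob, and nothing in this hunk shows that the extra byte exists or is zero. The blob is described here only by `data` and `len`, so unless it is stored with a trailing NUL somewhere outside this hunk, the parser reads one byte past the end of the buffer. A safer shape is to parse a NUL-terminated copy of `len + 1` bytes and free it after the call, as sketched below; that also removes the need to cast away `const` from `ca_info_blob->data`. mbed_connect_step1 begins and ends outside the hunk, so the allocation-failure return in the sketch is an assumption about the function's error path and needs checking against it.

```c
  if(ca_info_blob) {
    /* mbedtls_x509_crt_parse() wants the terminating NUL counted in the
       length, but the blob only holds ca_info_blob->len bytes: parse a
       NUL-terminated copy instead of reading past the caller's buffer */
    size_t blob_data_len = ca_info_blob->len + 1;
    unsigned char *blob_data = malloc(blob_data_len);
    if(!blob_data)
      return CURLE_OUT_OF_MEMORY;
    memcpy(blob_data, ca_info_blob->data, ca_info_blob->len);
    blob_data[ca_info_blob->len] = 0;

    /* … unchanged: ret = mbedtls_x509_crt_parse(..., blob_data_len) … */
    free(blob_data);

    /* … unchanged: ret<0 error handling … */
```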