authorFlorian Van Heghe <florian.van.heghe@guardsquare.com>2021-12-01 12:37:42 +0100
committerDaniel Stenberg <daniel@haxx.se>2021-12-02 11:15:05 +0100
commit456c53730d21b1fad0c7f72c1817999fba93d077 (patch)
treecf3be3731e79aa55ec572cac952e5298bc0ea8b4
parent7da636cad560f1643004fac42363dde76e705d9f (diff)
downloadcurl-456c53730d21b1fad0c7f72c1817999fba93d077.tar.gz
mbedTLS: include NULL byte in blob data length for CURLOPT_CAINFO_BLOB
Fixes #8079 Closes #8081
-rw-r--r--lib/vtls/mbedtls.c9
1 files changed, 7 insertions, 2 deletions
diff --git a/lib/vtls/mbedtls.c b/lib/vtls/mbedtls.c
index ba5c5d756..7f1ff198c 100644
--- a/lib/vtls/mbedtls.c
+++ b/lib/vtls/mbedtls.c
@@ -320,9 +320,14 @@ mbed_connect_step1(struct Curl_easy *data, struct connectdata *conn,
mbedtls_x509_crt_init(&backend->cacert);
if(ca_info_blob) {
- const unsigned char *blob_data = (const unsigned char *)ca_info_blob->data;
+ unsigned char *blob_data = (unsigned char *)ca_info_blob->data;
+
+ /* mbedTLS expects the terminating NULL byte to be included in the length
+ of the data */
+ size_t blob_data_len = ca_info_blob->len + 1;
+
ret = mbedtls_x509_crt_parse(&backend->cacert, blob_data,
- ca_info_blob->len);
+ blob_data_len);
if(ret<0) {
mbedtls_strerror(ret, errorbuf, sizeof(errorbuf));
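Review bot: Passing `ca_info_blob->len + 1` to `mbedtls_x509_crt_parse()` tells the parser the buffer is one byte longer than the length the application declared, and nothing in this hunk checks that a NUL actually sits at `data[len]`. If the caller handed in a buffer of exactly `len` bytes (nothing visible here requires a terminator), that is a one-byte out-of-bounds read, and a DER blob would presumably reach the parser with a stray trailing byte. A safer shape is to copy the blob into a `len + 1` allocation, write the terminator explicitly and parse the copy, as sketched below. The sketch assumes the function returns a `CURLcode`, which the hunk does not show. mbed_connect_step1 begins and ends outside the hunk.

```c
  if(ca_info_blob) {
    /* mbedTLS wants the terminating NUL counted in the length; the blob is
       not guaranteed to carry one, so parse a terminated copy instead */
    size_t blob_data_len = ca_info_blob->len + 1;
    unsigned char *blob_data = malloc(blob_data_len);
    if(!blob_data)
      return CURLE_OUT_OF_MEMORY;
    memcpy(blob_data, ca_info_blob->data, ca_info_blob->len);
    blob_data[ca_info_blob->len] = 0;

    ret = mbedtls_x509_crt_parse(&backend->cacert, blob_data,
                                 blob_data_len);
    free(blob_data);
    /* … unchanged: ret<0 error handling … */
```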