mbedTLS: include NULL byte in blob data length for CURLOPT_CAINFO_BLOB

Fixes #8079 Closes #8081
author: Florian Van Heghe <florian.van.heghe@guardsquare.com> 2021-12-01 12:37:42 +0100
committer: Daniel Stenberg <daniel@haxx.se> 2021-12-02 11:15:05 +0100
commit: 456c53730d21b1fad0c7f72c1817999fba93d077 (patch)
tree: cf3be3731e79aa55ec572cac952e5298bc0ea8b4
parent: 7da636cad560f1643004fac42363dde76e705d9f (diff)
download: curl-456c53730d21b1fad0c7f72c1817999fba93d077.tar.gz
1 files changed, 7 insertions, 2 deletions
diff --git a/lib/vtls/mbedtls.c b/lib/vtls/mbedtls.c
index ba5c5d756..7f1ff198c 100644
--- a/lib/vtls/mbedtls.c
+++ b/lib/vtls/mbedtls.c
@@ -320,9 +320,14 @@ mbed_connect_step1(struct Curl_easy *data, struct connectdata *conn,
   mbedtls_x509_crt_init(&backend->cacert);
 
   if(ca_info_blob) {
-    const unsigned char *blob_data = (const unsigned char *)ca_info_blob->data;
+    unsigned char *blob_data = (unsigned char *)ca_info_blob->data;
+
+    /* mbedTLS expects the terminating NULL byte to be included in the length
+       of the data */
+    size_t blob_data_len = ca_info_blob->len + 1;
+
     ret = mbedtls_x509_crt_parse(&backend->cacert, blob_data,
-                                 ca_info_blob->len);
+                                 blob_data_len);
 
     if(ret<0) {
       mbedtls_strerror(ret, errorbuf, sizeof(errorbuf));
author	Florian Van Heghe <florian.van.heghe@guardsquare.com>	2021-12-01 12:37:42 +0100
committer	Daniel Stenberg <daniel@haxx.se>	2021-12-02 11:15:05 +0100
commit	456c53730d21b1fad0c7f72c1817999fba93d077 (patch)
tree	cf3be3731e79aa55ec572cac952e5298bc0ea8b4
parent	7da636cad560f1643004fac42363dde76e705d9f (diff)
download	curl-456c53730d21b1fad0c7f72c1817999fba93d077.tar.gz