authorDaniel Stenberg <daniel@haxx.se>2014-05-04 00:50:10 +0200
committerDaniel Stenberg <daniel@haxx.se>2014-05-04 00:50:10 +0200
commit21aafd09f6758352cf2d70cbe5cc8ea018354d63 (patch)
tree30b731e75e24f9a28f61278ff5d4c567e44a0811
parent45c037a1278a0ab436f9aaaa22950f2e3758fdbd (diff)
downloadcurl-21aafd09f6758352cf2d70cbe5cc8ea018354d63.tar.gz
openssl: biomem->data is not zero terminated
So printf(%s) on it or reading before bounds checking is wrong, fixing it. Could previously lead to reading out of boundary. Reported-by: Török Edwin
-rw-r--r--lib/vtls/openssl.c4
1 files changed, 1 insertions, 3 deletions
diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c
index b59233a25..5a665661f 100644
--- a/lib/vtls/openssl.c
+++ b/lib/vtls/openssl.c
@@ -2117,7 +2117,7 @@ static int X509V3_ext(struct SessionHandle *data,
sep=", ";
j++; /* skip the newline */
};
- while((biomem->data[j] == ' ') && (j<(size_t)biomem->length))
+ while((j<(size_t)biomem->length) && (biomem->data[j] == ' '))
j++;
if(j<(size_t)biomem->length)
ptr+=snprintf(ptr, sizeof(buf)-(ptr-buf), "%s%c", sep,
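Review bot: The `ptr+=snprintf(ptr, sizeof(buf)-(ptr-buf), "%s%c", sep,` accumulation that follows the reordered `while` still trusts the return value to stay within the remaining space, which this commit does not touch. If `snprintf` here has C99 semantics (returning the would-be length on truncation), `ptr` can end up past the end of `buf`, and `sizeof(buf)-(ptr-buf)` then wraps to a very large size on the next call. Whether the project maps `snprintf` to an implementation that returns only the bytes actually written is not visible in this hunk. Making the bound explicit would remove the dependency, for example by checking `if((size_t)(ptr-buf) < sizeof(buf))` before formatting and clamping the advance to the space left. The body of X509V3_ext starts and ends outside the hunk, so the size of `buf` and the surrounding loop cannot be confirmed from here.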
@@ -2159,8 +2159,6 @@ static void dumpcert(struct SessionHandle *data, X509 *x, int numcert)
BIO_get_mem_ptr(bio_out, &biomem);
- infof(data, "%s\n", biomem->data);
-
Curl_ssl_push_certinfo_len(data, numcert,
"Cert", biomem->data, biomem->length);