summaryrefslogtreecommitdiff
path: root/lib/vtls/mbedtls.c
diff options
context:
space:
mode:
authorDaniel Stenberg <daniel@haxx.se>2021-12-14 10:00:34 +0100
committerDaniel Stenberg <daniel@haxx.se>2021-12-14 15:35:54 +0100
commit867ad1cd8bd6cfce3e9c76e802e9e343913e2594 (patch)
tree917691ed7c2bf277381b2da6467a44c943e7e97c /lib/vtls/mbedtls.c
parent64e8bf9ff4670fbe5bde6f8eb4c9facc181fcae8 (diff)
downloadcurl-867ad1cd8bd6cfce3e9c76e802e9e343913e2594.tar.gz
mbedtls: fix CURLOPT_SSLCERT_BLOB
The memory passed to mbedTLS for this needs to be null terminated. Reported-by: Florian Van Heghe Closes #8146
Diffstat (limited to 'lib/vtls/mbedtls.c')
-rw-r--r--lib/vtls/mbedtls.c13
1 files changed, 10 insertions, 3 deletions
diff --git a/lib/vtls/mbedtls.c b/lib/vtls/mbedtls.c
index 113eb9196..ac791e809 100644
--- a/lib/vtls/mbedtls.c
+++ b/lib/vtls/mbedtls.c
@@ -379,10 +379,17 @@ mbed_connect_step1(struct Curl_easy *data, struct connectdata *conn,
}
if(ssl_cert_blob) {
- const unsigned char *blob_data =
- (const unsigned char *)ssl_cert_blob->data;
- ret = mbedtls_x509_crt_parse(&backend->clicert, blob_data,
+ /* Unfortunately, mbedtls_x509_crt_parse() requires the data to be null
+ terminated even when provided the exact length, forcing us to waste
+ extra memory here. */
+ unsigned char *newblob = malloc(ssl_cert_blob->len + 1);
+ if(!newblob)
+ return CURLE_OUT_OF_MEMORY;
+ memcpy(newblob, ssl_cert_blob->data, ssl_cert_blob->len);
+ newblob[ssl_cert_blob->len] = 0; /* null terminate */
+ ret = mbedtls_x509_crt_parse(&backend->clicert, newblob,
ssl_cert_blob->len);
+ free(newblob);
if(ret) {
mbedtls_strerror(ret, errorbuf, sizeof(errorbuf));