gnutls_x509_crt_get_extension_info: fixed function to comply with documented approach

That is, do not include the trailing NULL byte size in the
size of the object identifier.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

1 files changed, 6 insertions, 1 deletions

diff --git a/lib/x509/x509.c b/lib/x509/x509.c
index 46b657284c..c325ede52e 100644
--- a/lib/x509/x509.c
+++ b/lib/x509/x509.c
@@ -2491,7 +2491,8 @@ gnutls_x509_crt_get_extension_oid(gnutls_x509_crt_t cert, unsigned indx,
  * If the buffer provided is not long enough to hold the output, then
  * @oid_size is updated and %GNUTLS_E_SHORT_MEMORY_BUFFER will be
  * returned. The @oid returned will be null terminated, although 
- * @oid_size will not account for the trailing null.
+ * @oid_size will not account for the trailing null (the latter is not
+ * true for GnuTLS prior to 3.6.0).
  *
  * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned,
  *   otherwise a negative error code is returned.  If you have reached the
@@ -2527,6 +2528,10 @@ gnutls_x509_crt_get_extension_info(gnutls_x509_crt_t cert, unsigned indx,
 		return _gnutls_asn2err(result);
 	}
 
+	/* remove any trailing null */
+	if (oid && len > 0 && ((uint8_t*)oid)[len-1] == 0)
+		(*oid_size)--;
+
 	snprintf(name, sizeof(name),
 		 "tbsCertificate.extensions.?%u.critical", indx + 1);
 	len = sizeof(str_critical);