Make sure that the output of X509_NAME_oneline is null-terminated.

author Vincent Lefevre <vincent@vinc17.net>

Mon, 21 Nov 2016 22:10:47 +0000 (23:10 +0100)

committer Vincent Lefevre <vincent@vinc17.net>

Mon, 21 Nov 2016 22:10:47 +0000 (23:10 +0100)
author Vincent Lefevre <vincent@vinc17.net>
Mon, 21 Nov 2016 22:10:47 +0000 (23:10 +0100)
committer Vincent Lefevre <vincent@vinc17.net>
Mon, 21 Nov 2016 22:10:47 +0000 (23:10 +0100)
diff --git a/mutt_ssl.c b/mutt_ssl.c

index a80fe5ebea3b4ed0d4195de9b9d5110e797aeef5..0bca243f9f3da2ab998536ca99247bdd73960f83 100644 (file)
--- a/mutt_ssl.c
+++ b/mutt_ssl.c
@@ -969,9 +969,10 @@ static int ssl_check_certificate (CONNECTION *conn, sslsockdata *data)
  #ifdef DEBUG
    char buf[STRING];
  
+  buf[STRING - 1] = '\0';
    dprint (1, (debugfile, "ssl_check_certificate: checking cert %s\n",
                X509_NAME_oneline (X509_get_subject_name (data->cert),
-                                 buf, sizeof (buf))));
+                                 buf, sizeof (buf) - 1)));
  #endif
  
    if ((preauthrc = ssl_check_preauth (data->cert, conn->account.host)) > 0)
@@ -991,7 +992,7 @@ static int ssl_check_certificate (CONNECTION *conn, sslsockdata *data)
  
      dprint (1, (debugfile, "ssl_check_certificate: checking cert chain entry %s\n",
                  X509_NAME_oneline (X509_get_subject_name (cert),
-                                   buf, sizeof (buf))));
+                                   buf, sizeof (buf) - 1)));
  
      /* if the certificate validates or is manually accepted, then add it to
       * the trusted set and recheck the peer certificate */
author	Vincent Lefevre <vincent@vinc17.net>
	Mon, 21 Nov 2016 22:10:47 +0000 (23:10 +0100)
committer	Vincent Lefevre <vincent@vinc17.net>
	Mon, 21 Nov 2016 22:10:47 +0000 (23:10 +0100)