From eaae01f76c28b6e9fd941ee115c03a6017c166b6 Mon Sep 17 00:00:00 2001
From: Vincent Lefevre <vincent@vinc17.net>
Date: Mon, 21 Nov 2016 23:10:47 +0100
Subject: [PATCH] Make sure that the output of X509_NAME_oneline is
 null-terminated.

---
 mutt_ssl.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/mutt_ssl.c b/mutt_ssl.c
index f16215fb6..01ab7b8c5 100644
--- a/mutt_ssl.c
+++ b/mutt_ssl.c
@@ -982,9 +982,10 @@ static int ssl_check_certificate (CONNECTION *conn, sslsockdata *data)
 #ifdef DEBUG
   char buf[STRING];
 
+  buf[STRING - 1] = '\0';
   dprint (1, (debugfile, "ssl_check_certificate: checking cert %s\n",
               X509_NAME_oneline (X509_get_subject_name (data->cert),
-                                 buf, sizeof (buf))));
+                                 buf, sizeof (buf) - 1)));
 #endif
 
   if ((preauthrc = ssl_check_preauth (data->cert, conn->account.host)) > 0)
@@ -1004,7 +1005,7 @@ static int ssl_check_certificate (CONNECTION *conn, sslsockdata *data)
 
     dprint (1, (debugfile, "ssl_check_certificate: checking cert chain entry %s\n",
                 X509_NAME_oneline (X509_get_subject_name (cert),
-                                   buf, sizeof (buf))));
+                                   buf, sizeof (buf) - 1)));
 
     /* if the certificate validates or is manually accepted, then add it to
      * the trusted set and recheck the peer certificate */
-- 
2.40.0