Fix use of pem_read_buffer() in PK, DHM and X509
diff --git a/library/x509_crt.c b/library/x509_crt.c
index 4ebae77..059b60f 100644
--- a/library/x509_crt.c
+++ b/library/x509_crt.c
@@ -852,8 +852,11 @@
* one or more PEM certificates.
*/
#if defined(MBEDTLS_PEM_PARSE_C)
- if( strstr( (const char *) buf, "-----BEGIN CERTIFICATE-----" ) != NULL )
+ if( buf[buflen - 1] == '\0' &&
+ strstr( (const char *) buf, "-----BEGIN CERTIFICATE-----" ) != NULL )
+ {
buf_format = MBEDTLS_X509_FORMAT_PEM;
+ }
#endif
if( buf_format == MBEDTLS_X509_FORMAT_DER )
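Review bot: The new condition reads `buf[buflen - 1]` without first checking that `buflen` is non-zero. If `buflen` is an unsigned size (it looks like a `size_t`), an empty input makes the index wrap and the read lands outside the buffer. Unless a check above the hunk already rejects a zero length, the guard should start with `if( buflen != 0 && buf[buflen - 1] == '\0' &&`. With this change, PEM input whose length does not count the terminating NUL is now handled as DER, so the function's header comment should state that requirement for callers. The enclosing function begins and ends outside the hunk, so its existing argument validation is not visible here.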
@@ -865,11 +868,13 @@
int ret;
mbedtls_pem_context pem;
- while( buflen > 0 )
+ /* 1 rather than 0 since the terminating NULL byte is counted in */
+ while( buflen > 1 )
{
size_t use_len;
mbedtls_pem_init( &pem );
+ /* If we get there, we know the string is null-terminated */
ret = mbedtls_pem_read_buffer( &pem,
"-----BEGIN CERTIFICATE-----",
"-----END CERTIFICATE-----",
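Review bot: The two added comments call the string terminator "NULL", which is the pointer constant rather than the NUL byte, and the second one does not say where the guarantee comes from. I would write `/* 1 rather than 0 since the terminating NUL byte is counted in buflen */` and `/* If we get here, the format check above has confirmed that buf ends with a NUL byte */`. That ties the precondition of `mbedtls_pem_read_buffer()` to the check that establishes it. The check matters to anyone who later changes the format detection, because the reader scans for the markers as a C string. The loop body and the call continue past the end of the hunk.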
@@ -953,7 +958,7 @@
ret = mbedtls_x509_crt_parse( chain, buf, n );
- mbedtls_zeroize( buf, n + 1 );
+ mbedtls_zeroize( buf, n );
mbedtls_free( buf );
return( ret );
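Review bot: Passing `n` instead of `n + 1` to both `mbedtls_x509_crt_parse()` and `mbedtls_zeroize()` is correct only if the file loader called above the hunk now counts the terminating NUL in `n`. That contract is not visible here. If the loader still returns the raw file length, the last allocated byte is no longer wiped, and a PEM file would fail the new NUL check and be parsed as DER. A short comment before the parse call would pin this down, for example `/* n includes the terminating NUL byte appended by the loader */`. The function starts outside the hunk.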