Fix use of pem_read_buffer() in PK, DHM and X509
diff --git a/library/x509_csr.c b/library/x509_csr.c
index f6afa1e..5ec1b86 100644
--- a/library/x509_csr.c
+++ b/library/x509_csr.c
@@ -274,10 +274,15 @@
#if defined(MBEDTLS_PEM_PARSE_C)
mbedtls_pem_init( &pem );
- ret = mbedtls_pem_read_buffer( &pem,
- "-----BEGIN CERTIFICATE REQUEST-----",
- "-----END CERTIFICATE REQUEST-----",
- buf, NULL, 0, &use_len );
+
+ /* Avoid calling mbedtls_pem_read_buffer() on non-null-terminated string */
+ if( buf[buflen - 1] != '\0' )
+ ret = MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT;
+ else
+ ret = mbedtls_pem_read_buffer( &pem,
+ "-----BEGIN CERTIFICATE REQUEST-----",
+ "-----END CERTIFICATE REQUEST-----",
+ buf, NULL, 0, &use_len );
if( ret == 0 )
{
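Review bot: The new guard reads `buf[buflen - 1]` with no visible check that `buflen` is nonzero, so a zero-length input would wrap the index and read outside the buffer. The enclosing function starts and ends outside this hunk, so an earlier check may already reject that case; if it does not, the condition should be `if( buflen == 0 || buf[buflen - 1] != '\0' )`. It would also help to extend the comment to state the contract callers now depend on, for example `/* PEM input must be null-terminated and buflen must count the terminating '\0' */`. Without that, a caller passing `strlen()` as the length has its PEM input rejected as having no header or footer, with nothing in the code explaining why.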
@@ -315,7 +320,7 @@
ret = mbedtls_x509_csr_parse( csr, buf, n );
- mbedtls_zeroize( buf, n + 1 );
+ mbedtls_zeroize( buf, n );
mbedtls_free( buf );
return( ret );