Fix checks for nul-termination
diff --git a/library/dhm.c b/library/dhm.c
index 92fd611..f09592a 100644
--- a/library/dhm.c
+++ b/library/dhm.c
@@ -422,7 +422,7 @@
mbedtls_pem_init( &pem );
/* Avoid calling mbedtls_pem_read_buffer() on non-null-terminated string */
- if( dhmin[dhminlen - 1] != '\0' )
+ if( dhminlen == 0 || dhmin[dhminlen - 1] != '\0' )
ret = MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT;
else
ret = mbedtls_pem_read_buffer( &pem,
diff --git a/library/pkparse.c b/library/pkparse.c
index edf6e31..8e1aa6e 100644
--- a/library/pkparse.c
+++ b/library/pkparse.c
@@ -1072,7 +1072,7 @@
#if defined(MBEDTLS_RSA_C)
/* Avoid calling mbedtls_pem_read_buffer() on non-null-terminated string */
- if( key[keylen - 1] != '\0' )
+ if( keylen == 0 || key[keylen - 1] != '\0' )
ret = MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT;
else
ret = mbedtls_pem_read_buffer( &pem,
@@ -1105,7 +1105,7 @@
#if defined(MBEDTLS_ECP_C)
/* Avoid calling mbedtls_pem_read_buffer() on non-null-terminated string */
- if( key[keylen - 1] != '\0' )
+ if( keylen == 0 || key[keylen - 1] != '\0' )
ret = MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT;
else
ret = mbedtls_pem_read_buffer( &pem,
@@ -1136,7 +1136,7 @@
#endif /* MBEDTLS_ECP_C */
/* Avoid calling mbedtls_pem_read_buffer() on non-null-terminated string */
- if( key[keylen - 1] != '\0' )
+ if( keylen == 0 || key[keylen - 1] != '\0' )
ret = MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT;
else
ret = mbedtls_pem_read_buffer( &pem,
@@ -1159,7 +1159,7 @@
#if defined(MBEDTLS_PKCS12_C) || defined(MBEDTLS_PKCS5_C)
/* Avoid calling mbedtls_pem_read_buffer() on non-null-terminated string */
- if( key[keylen - 1] != '\0' )
+ if( keylen == 0 || key[keylen - 1] != '\0' )
ret = MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT;
else
ret = mbedtls_pem_read_buffer( &pem,
@@ -1257,7 +1257,7 @@
mbedtls_pem_init( &pem );
/* Avoid calling mbedtls_pem_read_buffer() on non-null-terminated string */
- if( key[keylen - 1] != '\0' )
+ if( keylen == 0 || key[keylen - 1] != '\0' )
ret = MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT;
else
ret = mbedtls_pem_read_buffer( &pem,
diff --git a/library/x509_crl.c b/library/x509_crl.c
index fc4b2df..e193919 100644
--- a/library/x509_crl.c
+++ b/library/x509_crl.c
@@ -505,7 +505,7 @@
mbedtls_pem_init( &pem );
/* Avoid calling mbedtls_pem_read_buffer() on non-null-terminated string */
- if( buf[buflen - 1] != '\0' )
+ if( buflen == 0 || buf[buflen - 1] != '\0' )
ret = MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT;
else
ret = mbedtls_pem_read_buffer( &pem,
diff --git a/library/x509_crt.c b/library/x509_crt.c
index 059b60f..11eb7cf 100644
--- a/library/x509_crt.c
+++ b/library/x509_crt.c
@@ -852,7 +852,7 @@
* one or more PEM certificates.
*/
#if defined(MBEDTLS_PEM_PARSE_C)
- if( buf[buflen - 1] == '\0' &&
+ if( buflen != 0 && buf[buflen - 1] == '\0' &&
strstr( (const char *) buf, "-----BEGIN CERTIFICATE-----" ) != NULL )
{
buf_format = MBEDTLS_X509_FORMAT_PEM;
diff --git a/library/x509_csr.c b/library/x509_csr.c
index 5ec1b86..ebf8897 100644
--- a/library/x509_csr.c
+++ b/library/x509_csr.c
@@ -276,7 +276,7 @@
mbedtls_pem_init( &pem );
/* Avoid calling mbedtls_pem_read_buffer() on non-null-terminated string */
- if( buf[buflen - 1] != '\0' )
+ if( buflen == 0 || buf[buflen - 1] != '\0' )
ret = MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT;
else
ret = mbedtls_pem_read_buffer( &pem,