File openssl-3-CVE-2022-3602_2.patch of Package openssl-3.28534
From 2061a656b97ac7126431eed05dcf2c0317418be4 Mon Sep 17 00:00:00 2001
From: Pauli <pauli@openssl.org>
Date: Mon, 24 Oct 2022 19:06:13 +1100
Subject: [PATCH 2/2] punycode: ensure the result is zero terminated
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
---
crypto/punycode.c | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/crypto/punycode.c b/crypto/punycode.c
index 8cba508382..b9b4e3d785 100644
--- a/crypto/punycode.c
+++ b/crypto/punycode.c
@@ -298,8 +298,7 @@ int ossl_a2ulabel(const char *in, char *out, size_t *outlen)
PUSHC(seed[j]);
}
- if (tmpptr != NULL)
- PUSHC('.');
+ PUSHC(tmpptr != NULL ? '.' : '\0');
}
if (tmpptr == NULL)
@@ -323,7 +322,7 @@ int ossl_a2ulabel(const char *in, char *out, size_t *outlen)
int ossl_a2ucompare(const char *a, const char *u)
{
- char a_ulabel[LABEL_BUF_SIZE];
+ char a_ulabel[LABEL_BUF_SIZE + 1];
size_t a_size = sizeof(a_ulabel);
if (ossl_a2ulabel(a, a_ulabel, &a_size) <= 0)
--
2.35.3