Overview

File openssl-3-CVE-2022-3602_2.patch of Package openssl-3.28534

From 2061a656b97ac7126431eed05dcf2c0317418be4 Mon Sep 17 00:00:00 2001
From: Pauli <pauli@openssl.org>
Date: Mon, 24 Oct 2022 19:06:13 +1100
Subject: [PATCH 2/2] punycode: ensure the result is zero terminated

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
---
 crypto/punycode.c | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/crypto/punycode.c b/crypto/punycode.c
index 8cba508382..b9b4e3d785 100644
--- a/crypto/punycode.c
+++ b/crypto/punycode.c
@@ -298,8 +298,7 @@ int ossl_a2ulabel(const char *in, char *out, size_t *outlen)
                     PUSHC(seed[j]);
             }
 
-            if (tmpptr != NULL)
-                PUSHC('.');
+            PUSHC(tmpptr != NULL ? '.' : '\0');
         }
 
         if (tmpptr == NULL)
@@ -323,7 +322,7 @@ int ossl_a2ulabel(const char *in, char *out, size_t *outlen)
 
 int ossl_a2ucompare(const char *a, const char *u)
 {
-    char a_ulabel[LABEL_BUF_SIZE];
+    char a_ulabel[LABEL_BUF_SIZE + 1];
     size_t a_size = sizeof(a_ulabel);
 
     if (ossl_a2ulabel(a, a_ulabel, &a_size) <= 0)
-- 
2.35.3
openSUSE Build Service is sponsored by
Places