author | Pauli <pauli@openssl.org> | 2022-10-27 10:22:47 +1100 |
---|---|---|
committer | Tomas Mraz <tomas@openssl.org> | 2022-11-01 10:49:18 +0100 |
commit | c42165b5706e42f67ef8ef4c351a9a4c5d21639a (patch) | |
tree | c7d42a14c7edb88971fb1f8feb8353870b242ffc /util/opensslwrap.sh | |
parent | fe3b639dc19b325846f4f6801f2f4604f56e3de3 (diff) |
Fix CVE-2022-3786 in punycode decoder.

Fixed the ossl_a2ulabel() function which also contained a potential
buffer overflow, albeit without control of the contents.
This overflow could result in a crash (causing a denial of service).
The function also did not NUL-terminate the output in some cases.
The two issues fixed here were identified and reported
by Viktor Dukhovni while researching CVE-2022-3602.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>

Diffstat (limited to 'util/opensslwrap.sh')
0 files changed, 0 insertions, 0 deletions