Fix printing of PROXY_CERT_INFO_EXTENSION to not assume NUL terminated strings

ASN.1 strings may not be NUL terminated. Don't assume they are. CVE-2021-3712 Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org>
author: Matt Caswell <matt@openssl.org> 2021-08-18 14:02:40 +0100
committer: Matt Caswell <matt@openssl.org> 2021-08-24 13:18:36 +0100
commit: 23446958685a593d4d9434475734b99138902ed2 (patch)
tree: 9097aceee8a1a8004e354b4cc7fab361dc5660d5 /crypto
parent: 5f54e57406ca17731b9ade3afd561d3c652e07f2 (diff)
1 files changed, 2 insertions, 1 deletions
diff --git a/crypto/x509v3/v3_pci.c b/crypto/x509v3/v3_pci.c
index 3d124fa6d9..98b6ef25e2 100644
--- a/crypto/x509v3/v3_pci.c
+++ b/crypto/x509v3/v3_pci.c
@@ -77,7 +77,8 @@ static int i2r_pci(X509V3_EXT_METHOD *method, PROXY_CERT_INFO_EXTENSION *pci,
     i2a_ASN1_OBJECT(out, pci->proxyPolicy->policyLanguage);
     BIO_puts(out, "\n");
     if (pci->proxyPolicy->policy && pci->proxyPolicy->policy->data)
-        BIO_printf(out, "%*sPolicy Text: %s\n", indent, "",
+        BIO_printf(out, "%*sPolicy Text: %.*s\n", indent, "",
+                   pci->proxyPolicy->policy->length,
                    pci->proxyPolicy->policy->data);
     return 1;
 }
author	Matt Caswell <matt@openssl.org>	2021-08-18 14:02:40 +0100
committer	Matt Caswell <matt@openssl.org>	2021-08-24 13:18:36 +0100
commit	23446958685a593d4d9434475734b99138902ed2 (patch)
tree	9097aceee8a1a8004e354b4cc7fab361dc5660d5 /crypto
parent	5f54e57406ca17731b9ade3afd561d3c652e07f2 (diff)