Fix various read buffer overflow when printing ASN.1 strings (which are

not necessarily NUL terminated). Same as schwarze's fix in t_x509a.c r1.9.

From David Benjamin and Matt Caswell (part of the fixes in OpenSSL 1.1.1l)

ok inoguchi

1 files changed, 3 insertions, 2 deletions

diff --git a/src/lib/libcrypto/x509/x509_pci.c b/src/lib/libcrypto/x509/x509_pci.c
index 8997f0cec8..b1d31dfb44 100644
--- a/src/lib/libcrypto/x509/x509_pci.c
+++ b/src/lib/libcrypto/x509/x509_pci.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_pci.c,v 1.1 2020/06/04 15:19:31 jsing Exp $ */
+/* $OpenBSD: x509_pci.c,v 1.2 2021/08/24 15:23:03 tb Exp $ */
 /* Contributed to the OpenSSL Project 2004
  * by Richard Levitte (richard@levitte.org)
  */
@@ -77,7 +77,8 @@ i2r_pci(X509V3_EXT_METHOD *method, PROXY_CERT_INFO_EXTENSION *pci, BIO *out,
         i2a_ASN1_OBJECT(out, pci->proxyPolicy->policyLanguage);
         BIO_puts(out, "\n");
         if (pci->proxyPolicy->policy && pci->proxyPolicy->policy->data)
-                BIO_printf(out, "%*sPolicy Text: %s\n", indent, "",
+                BIO_printf(out, "%*sPolicy Text: %.*s\n", indent, "",
+                    pci->proxyPolicy->policy->length,
                     pci->proxyPolicy->policy->data);
         return 1;
 }