Clean up dangerous strncpy use. This included a use where the resulting

string was potentially not nul terminated and a place where malloc return
was unchecked.
while we're at it remove dummytest.c
ok miod@

2 files changed, 7 insertions, 6 deletions

diff --git a/src/lib/libcrypto/x509v3/v3_alt.c b/src/lib/libcrypto/x509v3/v3_alt.c
index 66ea96db51..8de5dd041b 100644
--- a/src/lib/libcrypto/x509v3/v3_alt.c
+++ b/src/lib/libcrypto/x509v3/v3_alt.c
@@ -579,10 +579,12 @@ static int do_othername(GENERAL_NAME *gen, char *value, X509V3_CTX *ctx)
                 return 0;
         objlen = p - value;
         objtmp = OPENSSL_malloc(objlen + 1);
-        strncpy(objtmp, value, objlen);
-        objtmp[objlen] = 0;
-        gen->d.otherName->type_id = OBJ_txt2obj(objtmp, 0);
-        OPENSSL_free(objtmp);   
+        if (objtmp) {
+                strlcpy(objtmp, value, objlen + 1);
+                gen->d.otherName->type_id = OBJ_txt2obj(objtmp, 0);
+                OPENSSL_free(objtmp);
+        } else
+                gen->d.otherName->type_id = NULL;
         if (!gen->d.otherName->type_id)
                 return 0;
         return 1;
diff --git a/src/lib/libcrypto/x509v3/v3_info.c b/src/lib/libcrypto/x509v3/v3_info.c
index e1b8699f92..44bc3e1105 100644
--- a/src/lib/libcrypto/x509v3/v3_info.c
+++ b/src/lib/libcrypto/x509v3/v3_info.c
@@ -165,8 +165,7 @@ static AUTHORITY_INFO_ACCESS *v2i_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD *metho
                         X509V3err(X509V3_F_V2I_AUTHORITY_INFO_ACCESS,ERR_R_MALLOC_FAILURE);
                         goto err;
                 }
-                strncpy(objtmp, cnf->name, objlen);
-                objtmp[objlen] = 0;
+                strlcpy(objtmp, cnf->name, objlen + 1);
                 acc->method = OBJ_txt2obj(objtmp, 0);
                 if(!acc->method) {
                         X509V3err(X509V3_F_V2I_AUTHORITY_INFO_ACCESS,X509V3_R_BAD_OBJECT);