1 files changed, 18 insertions, 8 deletions
diff --git a/src/lib/libcrypto/x509/x509_constraints.c b/src/lib/libcrypto/x509/x509_constraints.c
index 4f24277918..533bbbf4ca 100644
--- a/src/lib/libcrypto/x509/x509_constraints.c
+++ b/src/lib/libcrypto/x509/x509_constraints.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_constraints.c,v 1.25 2022/03/14 21:29:46 tb Exp $ */
+/* $OpenBSD: x509_constraints.c,v 1.26 2022/03/26 16:34:21 tb Exp $ */
 /*
 * Copyright (c) 2020 Bob Beck <beck@openbsd.org>
 *
@@ -657,35 +657,45 @@ x509_constraints_general_to_bytes(GENERAL_NAME *name, uint8_t **bytes,
        if (name->type == GEN_DNS) {
                ASN1_IA5STRING *aname = name->d.dNSName;
                *bytes = aname->data;
-                *len = strlen(aname->data);
+                *len = aname->length;
                return name->type;
        }
        if (name->type == GEN_EMAIL) {
                ASN1_IA5STRING *aname = name->d.rfc822Name;
                *bytes = aname->data;
-                *len = strlen(aname->data);
+                *len = aname->length;
                return name->type;
        }
        if (name->type == GEN_URI) {
                ASN1_IA5STRING *aname = name->d.uniformResourceIdentifier;
                *bytes = aname->data;
-                *len = strlen(aname->data);
+                *len = aname->length;
                return name->type;
        }
        if (name->type == GEN_DIRNAME) {
                X509_NAME *dname = name->d.directoryName;
                if (!dname->modified || i2d_X509_NAME(dname, NULL) >= 0) {
                        *bytes = dname->canon_enc;
                        *len = dname->canon_enclen;
                        return name->type;
                }
        }
        if (name->type == GEN_IPADD) {
                *bytes = name->d.ip->data;
                *len = name->d.ip->length;
                return name->type;
        }
        return 0;
 }
@@ -723,7 +733,7 @@ x509_constraints_extract_names(struct x509_constraints_names *names,
                                *error = X509_V_ERR_UNSUPPORTED_NAME_SYNTAX;
                                goto err;
                        }
-                        if ((vname->name = strdup(bytes)) == NULL) {
+                        if ((vname->name = strndup(bytes, len)) == NULL) {
                                *error = X509_V_ERR_OUT_OF_MEM;
                                goto err;
                        }
@@ -931,7 +941,7 @@ x509_constraints_validate(GENERAL_NAME *constraint,
        case GEN_DNS:
                if (!x509_constraints_valid_domain_constraint(bytes, len))
                        goto err;
-                if ((name->name = strdup(bytes)) == NULL) {
+                if ((name->name = strndup(bytes, len)) == NULL) {
                        error = X509_V_ERR_OUT_OF_MEM;
                        goto err;
                }
@@ -953,7 +963,7 @@ x509_constraints_validate(GENERAL_NAME *constraint,
                }
                if (!x509_constraints_valid_domain_constraint(bytes, len))
                        goto err;
-                if ((name->name = strdup(bytes)) == NULL) {
+                if ((name->name = strndup(bytes, len)) == NULL) {
                        error = X509_V_ERR_OUT_OF_MEM;
                        goto err;
                }
@@ -973,7 +983,7 @@ x509_constraints_validate(GENERAL_NAME *constraint,
        case GEN_URI:
                if (!x509_constraints_valid_domain_constraint(bytes, len))
                        goto err;
-                if ((name->name = strdup(bytes)) == NULL) {
+                if ((name->name = strndup(bytes, len)) == NULL) {
                        error = X509_V_ERR_OUT_OF_MEM;
                        goto err;
                }

diff --git a/src/lib/libcrypto/x509/x509_constraints.c b/src/lib/libcrypto/x509/x509_constraints.c index 4f24277918..533bbbf4ca 100644 --- a/src/lib/libcrypto/x509/x509_constraints.c +++ b/src/lib/libcrypto/x509/x509_constraints.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: x509_constraints.c,v 1.25 2022/03/14 21:29:46 tb Exp $ */	1	/* $OpenBSD: x509_constraints.c,v 1.26 2022/03/26 16:34:21 tb Exp $ */
2	/*	2	/*
3	* Copyright (c) 2020 Bob Beck <beck@openbsd.org>	3	* Copyright (c) 2020 Bob Beck <beck@openbsd.org>
4	*	4	*
@@ -657,35 +657,45 @@ x509_constraints_general_to_bytes(GENERAL_NAME name, uint8_t *bytes,
657		657
658	if (name->type == GEN_DNS) {	658	if (name->type == GEN_DNS) {
659	ASN1_IA5STRING *aname = name->d.dNSName;	659	ASN1_IA5STRING *aname = name->d.dNSName;
		660
660	*bytes = aname->data;	661	*bytes = aname->data;
661	*len = strlen(aname->data);	662	*len = aname->length;
		663
662	return name->type;	664	return name->type;
663	}	665	}
664	if (name->type == GEN_EMAIL) {	666	if (name->type == GEN_EMAIL) {
665	ASN1_IA5STRING *aname = name->d.rfc822Name;	667	ASN1_IA5STRING *aname = name->d.rfc822Name;
		668
666	*bytes = aname->data;	669	*bytes = aname->data;
667	*len = strlen(aname->data);	670	*len = aname->length;
		671
668	return name->type;	672	return name->type;
669	}	673	}
670	if (name->type == GEN_URI) {	674	if (name->type == GEN_URI) {
671	ASN1_IA5STRING *aname = name->d.uniformResourceIdentifier;	675	ASN1_IA5STRING *aname = name->d.uniformResourceIdentifier;
		676
672	*bytes = aname->data;	677	*bytes = aname->data;
673	*len = strlen(aname->data);	678	*len = aname->length;
		679
674	return name->type;	680	return name->type;
675	}	681	}
676	if (name->type == GEN_DIRNAME) {	682	if (name->type == GEN_DIRNAME) {
677	X509_NAME *dname = name->d.directoryName;	683	X509_NAME *dname = name->d.directoryName;
		684
678	if (!dname->modified \|\| i2d_X509_NAME(dname, NULL) >= 0) {	685	if (!dname->modified \|\| i2d_X509_NAME(dname, NULL) >= 0) {
679	*bytes = dname->canon_enc;	686	*bytes = dname->canon_enc;
680	*len = dname->canon_enclen;	687	*len = dname->canon_enclen;
		688
681	return name->type;	689	return name->type;
682	}	690	}
683	}	691	}
684	if (name->type == GEN_IPADD) {	692	if (name->type == GEN_IPADD) {
685	*bytes = name->d.ip->data;	693	*bytes = name->d.ip->data;
686	*len = name->d.ip->length;	694	*len = name->d.ip->length;
		695
687	return name->type;	696	return name->type;
688	}	697	}
		698
689	return 0;	699	return 0;
690	}	700	}
691		701
@@ -723,7 +733,7 @@ x509_constraints_extract_names(struct x509_constraints_names *names,
723	*error = X509_V_ERR_UNSUPPORTED_NAME_SYNTAX;	733	*error = X509_V_ERR_UNSUPPORTED_NAME_SYNTAX;
724	goto err;	734	goto err;
725	}	735	}
726	if ((vname->name = strdup(bytes)) == NULL) {	736	if ((vname->name = strndup(bytes, len)) == NULL) {
727	*error = X509_V_ERR_OUT_OF_MEM;	737	*error = X509_V_ERR_OUT_OF_MEM;
728	goto err;	738	goto err;
729	}	739	}
@@ -931,7 +941,7 @@ x509_constraints_validate(GENERAL_NAME *constraint,
931	case GEN_DNS:	941	case GEN_DNS:
932	if (!x509_constraints_valid_domain_constraint(bytes, len))	942	if (!x509_constraints_valid_domain_constraint(bytes, len))
933	goto err;	943	goto err;
934	if ((name->name = strdup(bytes)) == NULL) {	944	if ((name->name = strndup(bytes, len)) == NULL) {
935	error = X509_V_ERR_OUT_OF_MEM;	945	error = X509_V_ERR_OUT_OF_MEM;
936	goto err;	946	goto err;
937	}	947	}
@@ -953,7 +963,7 @@ x509_constraints_validate(GENERAL_NAME *constraint,
953	}	963	}
954	if (!x509_constraints_valid_domain_constraint(bytes, len))	964	if (!x509_constraints_valid_domain_constraint(bytes, len))
955	goto err;	965	goto err;
956	if ((name->name = strdup(bytes)) == NULL) {	966	if ((name->name = strndup(bytes, len)) == NULL) {
957	error = X509_V_ERR_OUT_OF_MEM;	967	error = X509_V_ERR_OUT_OF_MEM;
958	goto err;	968	goto err;
959	}	969	}
@@ -973,7 +983,7 @@ x509_constraints_validate(GENERAL_NAME *constraint,
973	case GEN_URI:	983	case GEN_URI:
974	if (!x509_constraints_valid_domain_constraint(bytes, len))	984	if (!x509_constraints_valid_domain_constraint(bytes, len))
975	goto err;	985	goto err;
976	if ((name->name = strdup(bytes)) == NULL) {	986	if ((name->name = strndup(bytes, len)) == NULL) {
977	error = X509_V_ERR_OUT_OF_MEM;	987	error = X509_V_ERR_OUT_OF_MEM;
978	goto err;	988	goto err;
979	}	989	}