From 816cb4ff9bb4cb6597de02367f7c5abca27b4b58 Mon Sep 17 00:00:00 2001
From: tb <>
Date: Tue, 23 May 2023 11:04:04 +0000
Subject: Always NUL terminate buf in OBJ_obj2txt()

OBJ_obj2txt() is often called without error checking and is used for
reporting unexpected or malformed objects. As such, we should ensure
buf is a string even on failure. This had long been the case before it
was lost in a recent rewrite. If obj and obj->data are both non-NULL
this is already taken care of by i2t_ASN1_OBJECT_internal(), so many
callers were still safe.

ok miod
---
 src/lib/libcrypto/objects/obj_dat.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

(limited to 'src/lib/libcrypto/objects/obj_dat.c')

diff --git a/src/lib/libcrypto/objects/obj_dat.c b/src/lib/libcrypto/objects/obj_dat.c
index 6adc4068a3..fcc21ddfb4 100644
--- a/src/lib/libcrypto/objects/obj_dat.c
+++ b/src/lib/libcrypto/objects/obj_dat.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: obj_dat.c,v 1.51 2022/12/26 07:18:52 jmc Exp $ */
+/* $OpenBSD: obj_dat.c,v 1.52 2023/05/23 11:04:04 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -499,6 +499,9 @@ OBJ_txt2obj(const char *s, int no_name)
 int
 OBJ_obj2txt(char *buf, int buf_len, const ASN1_OBJECT *aobj, int no_name)
 {
+	if (buf_len > 0)
+		buf[0] = '\0';
+
 	if (aobj == NULL || aobj->data == NULL)
 		return 0;
 
-- 
cgit v1.2.3-55-g6feb