From 76299260a598c177d4466fb9c0c7cad037782a9a Mon Sep 17 00:00:00 2001 From: tabudz Date: Sat, 7 Mar 2026 23:41:15 +0800 Subject: [PATCH] Fix NETSCAPE_SPKI_print function to not assume NUL terminated strings ASN.1 strings may not be NUL terminated. Don't assume they are. CVE-2021-3712 Reviewed-by: Viktor Dukhovni Reviewed-by: Paul Dale --- 3rdparty/openssl/crypto/asn1/t_spki.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/3rdparty/openssl/crypto/asn1/t_spki.c b/3rdparty/openssl/crypto/asn1/t_spki.c index 3bf48db5..1f83b316 100644 --- a/3rdparty/openssl/crypto/asn1/t_spki.c +++ b/3rdparty/openssl/crypto/asn1/t_spki.c @@ -90,7 +90,7 @@ int NETSCAPE_SPKI_print(BIO *out, NETSCAPE_SPKI *spki) } chal = spki->spkac->challenge; if (chal->length) - BIO_printf(out, " Challenge String: %s\n", chal->data); + BIO_printf(out, " Challenge String: %.*s\n", chal->length, chal->data); i = OBJ_obj2nid(spki->sig_algor->algorithm); BIO_printf(out, " Signature Algorithm: %s", (i == NID_undef) ? "UNKNOWN" : OBJ_nid2ln(i));