Sanity check buffer length.

Reject zero length buffers passed to X509_NAME_onelne().

Issue reported by Guido Vranken.

Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit b33d1141b6dcce947708b984c5e9e91dad3d675d)

diff --git a/crypto/x509/x509_obj.c b/crypto/x509/x509_obj.c
index d317f3af25c0bde77bbfca0f41a3ff24e31fe434..500c9dfa543bb8cc9bd1ab44d0974aa38ff72b36 100644 (file)
--- a/crypto/x509/x509_obj.c
+++ b/crypto/x509/x509_obj.c
@@ -86,6 +86,8 @@ char *X509_NAME_oneline(X509_NAME *a, char *buf, int len)
             goto err;
         b->data[0] = '\0';
         len = 200;
+    } else if (len == 0) {
+        return NULL;
     }
     if (a == NULL) {
         if (b) {