Just a precaution, this could never fail in the current code since in the
one place this function is called, the cn is already zero-initialized.
Signed-off-by: Steffan Karger <stef...@karger.me>
---
src/openvpn/ssl_verify_polarssl.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/src/openvpn/ssl_verify_polarssl.c
b/src/openvpn/ssl_verify_polarssl.c
index 3e8d712..976df50 100644
--- a/src/openvpn/ssl_verify_polarssl.c
+++ b/src/openvpn/ssl_verify_polarssl.c
@@ -115,7 +115,10 @@ backend_x509_get_username (char *cn, int cn_len,
/* Found, extract CN */
if (cn_len > name->val.len)
- memcpy( cn, name->val.p, name->val.len );
+ {
+ memcpy( cn, name->val.p, name->val.len );
+ cn[name->val.len] = '\0';
+ }
else
{
memcpy( cn, name->val.p, cn_len);
--
2.1.0
