From c695d3d0074687e767b68ca9d1412a5bc5303178 Mon Sep 17 00:00:00 2001
From: Vincent Sanders
Date: Wed, 3 Sep 2014 14:27:25 +0100
Subject: memcpy and terminate from openssl buffers

The memcpy is used instead of snprintf as the source data may not be null terminated and was causing OpenBSD to segfault.
---
 content/fetchers/curl.c | 41 +++++++++++++++++++++++------------------
 1 file changed, 23 insertions(+), 18 deletions(-)

diff --git a/content/fetchers/curl.c b/content/fetchers/curl.c
index 826305e78..51b0f9974 100644
--- a/content/fetchers/curl.c
+++ b/content/fetchers/curl.c
@@ -921,10 +921,12 @@ void fetch_curl_done(CURL *curl_handle, CURLcode result)
 BIO_get_mem_ptr(mem, &buf);
 (void) BIO_set_close(mem, BIO_NOCLOSE);
 BIO_free(mem);
- snprintf(ssl_certs[i].not_before,
- min(sizeof ssl_certs[i].not_before,
- (unsigned) buf->length + 1),
- "%s", buf->data);
+ memcpy(ssl_certs[i].not_before,
+ buf->data,
+ min(sizeof(ssl_certs[i].not_before) - 1,
+ (unsigned)buf->length));
+ ssl_certs[i].not_before[min(sizeof(ssl_certs[i].not_before) - 1,
+ (unsigned)buf->length)] = 0;
 BUF_MEM_free(buf);
 mem = BIO_new(BIO_s_mem());
@@ -933,10 +935,13 @@ void fetch_curl_done(CURL *curl_handle, CURLcode result)
 BIO_get_mem_ptr(mem, &buf);
 (void) BIO_set_close(mem, BIO_NOCLOSE);
 BIO_free(mem);
- snprintf(ssl_certs[i].not_after,
- min(sizeof ssl_certs[i].not_after,
- (unsigned) buf->length + 1),
- "%s", buf->data);
+ memcpy(ssl_certs[i].not_after,
+ buf->data,
+ min(sizeof(ssl_certs[i].not_after) - 1,
+ (unsigned)buf->length));
+ ssl_certs[i].not_after[min(sizeof(ssl_certs[i].not_after) - 1,
+ (unsigned)buf->length)] = 0;
+
 BUF_MEM_free(buf);
 ssl_certs[i].sig_type =
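Review bot: In the not_before hunk (@@ -921) the bound `min(sizeof(ssl_certs[i].not_before) - 1, (unsigned)buf->length)` is written out twice, once as the memcpy length and once as the terminator index, and the same pair is repeated for not_after, issuer and subject in the later hunks; the copy is only in bounds while both copies of the expression agree, and the removed issuer/subject lines show how easily they drift apart. buf->data is also dereferenced with no check visible in these hunks that BIO_get_mem_ptr produced a buffer, and if nothing was written to the memory BIO the data pointer may be NULL with length 0, which memcpy does not permit even for a zero-byte copy. I would move the copy into one static helper that computes the length once, skips the memcpy for an empty or missing buffer and always terminates, then call it at all four sites. fetch_curl_done starts and ends outside these hunks, so the helper would sit above it in the file.

```c
/* Copy an OpenSSL memory buffer, which is not NUL-terminated, into a
 * fixed-size field, truncating to fit and always terminating. */
static void fetch_curl_copy_buf_mem(char *dst, size_t dst_size,
		const BUF_MEM *buf)
{
	size_t n = 0;

	if (dst_size == 0)
		return;
	if (buf != NULL && buf->data != NULL)
		n = min(dst_size - 1, (size_t)buf->length);
	if (n > 0)
		memcpy(dst, buf->data, n);
	dst[n] = '\0';
}

/* … unchanged: BIO_get_mem_ptr / BIO_set_close / BIO_free … */
fetch_curl_copy_buf_mem(ssl_certs[i].not_before,
		sizeof(ssl_certs[i].not_before), buf);
/* … same call for not_after, issuer and subject … */
```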
@@ -952,11 +957,11 @@ void fetch_curl_done(CURL *curl_handle, CURLcode result)
 BIO_get_mem_ptr(mem, &buf);
 (void) BIO_set_close(mem, BIO_NOCLOSE);
 BIO_free(mem);
- snprintf(ssl_certs[i].issuer,
- min(sizeof ssl_certs[i].issuer - 1,
- (unsigned) buf->length + 1),
- "%s", buf->data);
- ssl_certs[i].issuer[min(sizeof ssl_certs[i].issuer,
+ memcpy(ssl_certs[i].issuer,
+ buf->data,
+ min(sizeof(ssl_certs[i].issuer) - 1,
+ (unsigned) buf->length));
+ ssl_certs[i].issuer[min(sizeof(ssl_certs[i].issuer) - 1,
 (unsigned) buf->length)] = 0;
 BUF_MEM_free(buf);
@@ -970,11 +975,11 @@ void fetch_curl_done(CURL *curl_handle, CURLcode result)
 BIO_get_mem_ptr(mem, &buf);
 (void) BIO_set_close(mem, BIO_NOCLOSE);
 BIO_free(mem);
- snprintf(ssl_certs[i].subject,
- min(sizeof(ssl_certs[i].subject) - 1,
- (unsigned) buf->length + 1),
- "%s", buf->data);
- ssl_certs[i].subject[min(sizeof(ssl_certs[i].subject),
+ memcpy(ssl_certs[i].subject,
+ buf->data,
+ min(sizeof(ssl_certs[i].subject) - 1,
+ (unsigned)buf->length));
+ ssl_certs[i].subject[min(sizeof(ssl_certs[i].subject) - 1,
 (unsigned) buf->length)] = 0;
 BUF_MEM_free(buf);
--
cgit v1.2.3
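Review bot: The issuer copy in the @@ -952 hunk and the subject copy in the @@ -970 hunk cut the name at `sizeof(field) - 1` bytes without recording that anything was dropped. If these fields are what the user sees when asked to judge a certificate (that use is outside the diff), two names that differ only past the cut-off would look identical. A flag or log line when `buf->length` exceeds the field would make the limit visible, or at minimum a comment such as `/* issuer may be truncated to fit; display only, never compare */` on each copy.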