From 820a704a91a626510258849c39f3cbd64e127c44 Mon Sep 17 00:00:00 2001
From: Simon Arlott <sa.me.uk>
Date: Thu, 24 Sep 2020 23:03:14 +0100
Subject: [PATCH] gen_pkcs3: Terminate string before calling BH_hex2bn()

---
 src/util/gen_pkcs3.c | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/src/util/gen_pkcs3.c b/src/util/gen_pkcs3.c
index 6a467e07a9..22f32729a5 100644
--- a/src/util/gen_pkcs3.c
+++ b/src/util/gen_pkcs3.c
@@ -54,7 +54,6 @@ void __attribute__((__noreturn__))
 die_openssl_err(const char *msg)
 {
   char err_string[250];
-  unsigned long e;
 
   ERR_error_string_n(ERR_get_error(), err_string, sizeof(err_string));
   die("%s: %s", msg, err_string);
@@ -71,7 +70,7 @@ bn_from_text(const char *text)
   int rc;
 
   len = strlen(text);
-  spaceless = malloc(len);
+  spaceless = malloc(len + 1);
   if (!spaceless)
     die("malloc(%zu) failed: %s", len, strerror(errno));
 
@@ -81,13 +80,15 @@ bn_from_text(const char *text)
     if (!isspace(*q))
       *p++ = *q;
   }
+  len = p - spaceless;
+  *p++ = '\0';
 
   b = NULL;
   rc = BN_hex2bn(&b, spaceless);
 
-  if (rc != p - spaceless)
+  if (rc != (int)len)
     die("BN_hex2bn did not convert entire input; took %d of %zu bytes",
-        rc, p - spaceless);
+        rc, len);
 
   return b;
 }