diff --git a/src/openvpn/crypto.c b/src/openvpn/crypto.c index 1678cba8..b05262e1 100644 --- a/src/openvpn/crypto.c +++ b/src/openvpn/crypto.c @@ -1478,7 +1478,7 @@ write_key_file(const int nkeys, const char *filename) /* write key file to stdout if no filename given */ if (!filename || strcmp(filename, "")==0) { - printf("%s\n", BPTR(&out)); + printf("%.*s\n", BLEN(&out), BPTR(&out)); } /* write key file, now formatted in out, to file */ else if (!buffer_write_file(filename, &out)) @@ -1887,7 +1887,7 @@ write_pem_key_file(const char *filename, const char *pem_name) if (!filename || strcmp(filename, "")==0) { - printf("%s\n", BPTR(&server_key_pem)); + printf("%.*s", BLEN(&server_key_pem), BPTR(&server_key_pem)); } else if (!buffer_write_file(filename, &server_key_pem)) { diff --git a/src/openvpn/crypto_mbedtls.c b/src/openvpn/crypto_mbedtls.c index 3e77fa9e..14a528af 100644 --- a/src/openvpn/crypto_mbedtls.c +++ b/src/openvpn/crypto_mbedtls.c @@ -239,10 +239,12 @@ crypto_pem_encode(const char *name, struct buffer *dst, return false; } + /* We set the size buf to out_len-1 to NOT include the 0 byte that + * mbedtls_pem_write_buffer in its length calculation */ *dst = alloc_buf_gc(out_len, gc); if (!mbed_ok(mbedtls_pem_write_buffer(header, footer, BPTR(src), BLEN(src), BPTR(dst), BCAP(dst), &out_len)) - || !buf_inc_len(dst, out_len)) + || !buf_inc_len(dst, out_len-1)) { CLEAR(*dst); return false; diff --git a/src/openvpn/crypto_openssl.c b/src/openvpn/crypto_openssl.c index a81dcfd8..4fa65ba8 100644 --- a/src/openvpn/crypto_openssl.c +++ b/src/openvpn/crypto_openssl.c @@ -400,9 +400,8 @@ crypto_pem_encode(const char *name, struct buffer *dst, BUF_MEM *bptr; BIO_get_mem_ptr(bio, &bptr); - *dst = alloc_buf_gc(bptr->length + 1, gc); + *dst = alloc_buf_gc(bptr->length, gc); ASSERT(buf_write(dst, bptr->data, bptr->length)); - buf_null_terminate(dst); ret = true; cleanup: diff --git a/src/openvpn/tls_crypt.c b/src/openvpn/tls_crypt.c index e9f9cc2a..3018c18e 100644 --- a/src/openvpn/tls_crypt.c +++ b/src/openvpn/tls_crypt.c @@ -702,7 +702,7 @@ tls_crypt_v2_write_client_key_file(const char *filename, if (!filename || streq(filename, "")) { - printf("%s\n", BPTR(&client_key_pem)); + printf("%.*s\n", BLEN(&client_key_pem), BPTR(&client_key_pem)); client_filename = INLINE_FILE_TAG; client_inline = (const char *)BPTR(&client_key_pem); } diff --git a/tests/unit_tests/openvpn/test_tls_crypt.c b/tests/unit_tests/openvpn/test_tls_crypt.c index b9e3a7a6..54fc917d 100644 --- a/tests/unit_tests/openvpn/test_tls_crypt.c +++ b/tests/unit_tests/openvpn/test_tls_crypt.c @@ -512,7 +512,8 @@ test_tls_crypt_v2_write_server_key_file(void **state) { const char *filename = "testfilename.key"; expect_string(__wrap_buffer_write_file, filename, filename); - expect_string(__wrap_buffer_write_file, pem, test_server_key); + expect_memory(__wrap_buffer_write_file, pem, test_server_key, + strlen(test_server_key)); will_return(__wrap_buffer_write_file, true); tls_crypt_v2_write_server_key_file(filename); @@ -524,7 +525,8 @@ test_tls_crypt_v2_write_client_key_file(void **state) { /* Test writing the client key */ expect_string(__wrap_buffer_write_file, filename, filename); - expect_string(__wrap_buffer_write_file, pem, test_client_key); + expect_memory(__wrap_buffer_write_file, pem, test_client_key, + strlen(test_client_key)); will_return(__wrap_buffer_write_file, true); /* Key generation re-reads the created file as a sanity check */