summaryrefslogtreecommitdiff
path: root/libexslt
diff options
context:
space:
mode:
authorNick Wellnhofer <wellnhofer@aevum.de>2012-07-31 21:27:51 +0200
committerDaniel Veillard <veillard@redhat.com>2012-09-06 20:18:55 +0800
commit3195073c740be579892c08cfc02efeae1a1c0dbd (patch)
treebf0b52f3dcf0a2c6413079baba4f2a1cedaba4c3 /libexslt
parent7816b657e99f144021ad1eceaa660f3a3b276cd5 (diff)
downloadlibxslt-3195073c740be579892c08cfc02efeae1a1c0dbd.tar.gz
libxslt-3195073c740be579892c08cfc02efeae1a1c0dbd.tar.bz2
libxslt-3195073c740be579892c08cfc02efeae1a1c0dbd.zip
Null-terminate result string of cry:rc4_decrypt
For https://bugzilla.gnome.org/show_bug.cgi?id=675917 The string wasn't 0 terminated
Diffstat (limited to 'libexslt')
-rw-r--r--libexslt/crypto.c3
1 files changed, 2 insertions, 1 deletions
diff --git a/libexslt/crypto.c b/libexslt/crypto.c
index e2700d6b..42ac6c5b 100644
--- a/libexslt/crypto.c
+++ b/libexslt/crypto.c
@@ -752,7 +752,7 @@ exsltCryptoRc4DecryptFunction (xmlXPathParserContextPtr ctxt, int nargs) {
ret_len = exsltCryptoHex2Bin (str, str_len, bin, bin_len);
/* decrypt the binary blob */
- ret = xmlMallocAtomic (ret_len);
+ ret = xmlMallocAtomic (ret_len + 1);
if (ret == NULL) {
xsltTransformError(tctxt, NULL, tctxt->inst,
"exsltCryptoRc4EncryptFunction: Failed to allocate result\n");
@@ -761,6 +761,7 @@ exsltCryptoRc4DecryptFunction (xmlXPathParserContextPtr ctxt, int nargs) {
goto done;
}
PLATFORM_RC4_DECRYPT (ctxt, padkey, bin, ret_len, ret, ret_len);
+ ret[ret_len] = 0;
xmlXPathReturnString (ctxt, ret);