[Spice-devel] [spice-common 3/8] coverity: avoid out of bounds access
Fabiano Fidêncio
fidencio at redhat.com
Mon Apr 4 08:03:34 UTC 2016
We are allocating insufficient memory for the terminating null of the
string.
---
common/ssl_verify.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/common/ssl_verify.c b/common/ssl_verify.c
index 601252e..4292ddf 100644
--- a/common/ssl_verify.c
+++ b/common/ssl_verify.c
@@ -283,8 +283,8 @@ static X509_NAME* subject_to_x509_name(const char *subject, int *nentries)
spice_return_val_if_fail(subject != NULL, NULL);
spice_return_val_if_fail(nentries != NULL, NULL);
- key = (char*)alloca(strlen(subject));
- val = (char*)alloca(strlen(subject));
+ key = (char*)alloca(strlen(subject) + 1);
+ val = (char*)alloca(strlen(subject) + 1);
in_subject = X509_NAME_new();
if (!in_subject || !key || !val) {
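Review bot: at the two `alloca(strlen(subject) + 1)` lines, the stack allocation is still sized directly by the length of `subject` with no upper bound, and the `!key || !val` test in the context line below them cannot catch a failure, because `alloca` does not return NULL when the stack is exhausted (the behaviour is undefined). The `+ 1` does make room for the terminating null, but I would compute `strlen(subject) + 1` once into a `size_t` and either reject subjects longer than a fixed maximum before allocating, or move both buffers to the heap and free them on every exit path, where the NULL check becomes meaningful. If `alloca` stays, `key` and `val` can be dropped from that check.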
--
2.7.3