crypto: fix fingerprint string size calculation (!42175) · Merge requests · Rodrigo Test / Test Group-nodejs / node

Rodrigo Muino Tomonari requested to merge github/fork/tniessen/crypto-fingerprint-size-off-by-one into master Mar 01, 2022

The function generating fingerprint strings never accesses more than EVP_MAX_MD_SIZE * 3 characters, including the terminating '\0'. (This is true even without #42145.) Adding an extra byte to the buffer size only adds confusion since it will never be accessed.

(3*i)+2 is at most 3 * (md_size - 1) + 2, i.e., 3 * md_size - 1 for i < md_size.

Admin message

Admin message

crypto: fix fingerprint string size calculation

Merge request reports