From 5ae45436f49376c63e8d38c8e147c5bec0276cb0 Mon Sep 17 00:00:00 2001
From: John Safranek
Date: Thu, 2 Aug 2018 14:50:59 -0700
Subject: [PATCH] OSCP

1. Added a missed attr files for the OSCP status files. Bare minimum attr.
2. Added the attr files to the automake include.
3. Fix out of bounds read with the OCSP URL.
---
 certs/ocsp/include.am | 6 +++++-
 certs/ocsp/index-ca-and-intermediate-cas.txt.attr | 1 +
 wolfcrypt/src/asn.c | 3 ++-
 3 files changed, 8 insertions(+), 2 deletions(-)
 create mode 100644 certs/ocsp/index-ca-and-intermediate-cas.txt.attr
diff --git a/certs/ocsp/include.am b/certs/ocsp/include.am
index f3ba21121..784c3bed4 100644
--- a/certs/ocsp/include.am
+++ b/certs/ocsp/include.am
@@ -4,9 +4,13 @@
 EXTRA_DIST += \
 certs/ocsp/index-ca-and-intermediate-cas.txt \
+ certs/ocsp/index-ca-and-intermediate-cas.txt.attr \
 certs/ocsp/index-intermediate1-ca-issued-certs.txt \
+ certs/ocsp/index-intermediate1-ca-issued-certs.txt.attr \
+ certs/ocsp/index-intermediate2-ca-issued-certs.txt \
+ certs/ocsp/index-intermediate2-ca-issued-certs.txt.attr \
 certs/ocsp/index-intermediate3-ca-issued-certs.txt \
- certs/ocsp/index-intermediate3-ca-issued-certs.txt \
+ certs/ocsp/index-intermediate3-ca-issued-certs.txt.attr \
 certs/ocsp/openssl.cnf \
 certs/ocsp/intermediate1-ca-key.pem \
 certs/ocsp/intermediate1-ca-cert.pem \
diff --git a/certs/ocsp/index-ca-and-intermediate-cas.txt.attr b/certs/ocsp/index-ca-and-intermediate-cas.txt.attr
new file mode 100644
index 000000000..3a7e39e6e
--- /dev/null
+++ b/certs/ocsp/index-ca-and-intermediate-cas.txt.attr
@@ -0,0 +1 @@
+unique_subject = no
diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c
index a06492227..700e72ccb 100644
--- a/wolfcrypt/src/asn.c
+++ b/wolfcrypt/src/asn.c
@@ -13351,7 +13351,7 @@ int InitOcspRequest(OcspRequest* req, DecodedCert* cert, byte useNonce,
 req->serialSz = cert->serialSz;
 if (cert->extAuthInfoSz != 0 && cert->extAuthInfo != NULL) {
- req->url = (byte*)XMALLOC(cert->extAuthInfoSz, req->heap,
+ req->url = (byte*)XMALLOC(cert->extAuthInfoSz + 1, req->heap,
 DYNAMIC_TYPE_OCSP_REQUEST);
 if (req->url == NULL) {
 XFREE(req->serial, req->heap, DYNAMIC_TYPE_OCSP);
@@ -13360,6 +13360,7 @@ int InitOcspRequest(OcspRequest* req, DecodedCert* cert, byte useNonce,
 XMEMCPY(req->url, cert->extAuthInfo, cert->extAuthInfoSz);
 req->urlSz = cert->extAuthInfoSz;
+ req->url[req->urlSz] = 0;
 }
 }
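Review bot: The `+ 1` in the `XMALLOC` call has no comment tying it to the terminator that is written in the next hunk, so the allocation size and the `req->url[req->urlSz] = 0;` store can drift apart in a later edit. A one-line comment above the allocation would pin the invariant: `/* +1 for the NUL terminator; urlSz does not count it */`. `cert->extAuthInfoSz` is presumably filled in while parsing the certificate, so it is worth confirming at its declaration (not visible here) that the `+ 1` cannot wrap. InitOcspRequest starts before this hunk and continues after it.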
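Review bot: The terminator written by `req->url[req->urlSz] = 0;` bounds string reads, but it does not make the string length equal to `urlSz` if the copied bytes contain a zero byte of their own. The URL bytes appear to come from the certificate under check, and the readers of `req->url` are outside this hunk, so this is a question rather than a finding: either reject a value with an embedded zero before the `XMEMCPY`, or have every reader use `urlSz` as the length. Any other code that assigns `req->url` elsewhere in the file, if it exists, needs the same `urlSz + 1` allocation for the invariant to hold. The function begins outside this hunk.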