$OpenBSD: patch-content_fetchers_curl_c,v 1.1 2014/10/13 09:29:20 bentley Exp $
memcpy and terminate from openssl buffers.
Fixes crash on certain invalid SSL certificates.

From upstream commit c695d3d0074687e767b68ca9d1412a5bc5303178
--- content/fetchers/curl.c.orig	Tue Aug 26 08:57:21 2014
+++ content/fetchers/curl.c	Thu Sep  4 00:03:08 2014
@@ -921,10 +921,12 @@ void fetch_curl_done(CURL *curl_handle, CURLcode resul
 			BIO_get_mem_ptr(mem, &buf);
 			(void) BIO_set_close(mem, BIO_NOCLOSE);
 			BIO_free(mem);
-			snprintf(ssl_certs[i].not_before,
-					min(sizeof ssl_certs[i].not_before,
-						(unsigned) buf->length + 1),
-					"%s", buf->data);
+			memcpy(ssl_certs[i].not_before,
+			       buf->data,
+			       min(sizeof(ssl_certs[i].not_before) - 1,
+				   (unsigned)buf->length));
+			ssl_certs[i].not_before[min(sizeof(ssl_certs[i].not_before) - 1,
+						    (unsigned)buf->length)] = 0;
 			BUF_MEM_free(buf);
 
 			mem = BIO_new(BIO_s_mem());
@@ -933,10 +935,13 @@ void fetch_curl_done(CURL *curl_handle, CURLcode resul
 			BIO_get_mem_ptr(mem, &buf);
 			(void) BIO_set_close(mem, BIO_NOCLOSE);
 			BIO_free(mem);
-			snprintf(ssl_certs[i].not_after,
-					min(sizeof ssl_certs[i].not_after,
-						(unsigned) buf->length + 1),
-					"%s", buf->data);
+			memcpy(ssl_certs[i].not_after,
+			       buf->data,
+			       min(sizeof(ssl_certs[i].not_after) - 1,
+				   (unsigned)buf->length));
+			ssl_certs[i].not_after[min(sizeof(ssl_certs[i].not_after) - 1,
+						 (unsigned)buf->length)] = 0;
+
 			BUF_MEM_free(buf);
 
 			ssl_certs[i].sig_type =
@@ -952,24 +957,30 @@ void fetch_curl_done(CURL *curl_handle, CURLcode resul
 			BIO_get_mem_ptr(mem, &buf);
 			(void) BIO_set_close(mem, BIO_NOCLOSE);
 			BIO_free(mem);
-			snprintf(ssl_certs[i].issuer,
-					min(sizeof ssl_certs[i].issuer,
-						(unsigned) buf->length + 1),
-					"%s", buf->data);
+			memcpy(ssl_certs[i].issuer,
+			       buf->data,
+			       min(sizeof(ssl_certs[i].issuer) - 1,
+				   (unsigned) buf->length));
+			ssl_certs[i].issuer[min(sizeof(ssl_certs[i].issuer) - 1,
+						(unsigned) buf->length)] = 0;
 			BUF_MEM_free(buf);
 
 			mem = BIO_new(BIO_s_mem());
 			X509_NAME_print_ex(mem,
 				X509_get_subject_name(certs[i].cert),
-				0, XN_FLAG_SEP_CPLUS_SPC |
-					XN_FLAG_DN_REV | XN_FLAG_FN_NONE);
+					   0,
+					   XN_FLAG_SEP_CPLUS_SPC |
+					   XN_FLAG_DN_REV |
+					   XN_FLAG_FN_NONE);
 			BIO_get_mem_ptr(mem, &buf);
 			(void) BIO_set_close(mem, BIO_NOCLOSE);
 			BIO_free(mem);
-			snprintf(ssl_certs[i].subject,
-					min(sizeof ssl_certs[i].subject,
-						(unsigned) buf->length + 1),
-					"%s", buf->data);
+			memcpy(ssl_certs[i].subject,
+			       buf->data,
+			       min(sizeof(ssl_certs[i].subject) - 1,
+				   (unsigned)buf->length));
+			ssl_certs[i].subject[min(sizeof(ssl_certs[i].subject) - 1,
+						 (unsigned) buf->length)] = 0;
 			BUF_MEM_free(buf);
 
 			ssl_certs[i].cert_type =
