para_decrypt_challenge(): write terminating 0 byte

As we do a sscanf() on the buffer. Noted by valgrind.

diff --git a/crypt.c b/crypt.c
index 34407d782b910cab8f7e87aa269628d9a97aebf3..653b1a2452cdc85215d916c1abd35f641800dcf1 100644 (file)
--- a/crypt.c
+++ b/crypt.c
@@ -100,12 +100,14 @@ int para_decrypt_buffer(char *key_file, unsigned char *outbuf, unsigned char *in
 int para_decrypt_challenge(char *key_file, long unsigned *challenge_nr,
                unsigned char *inbuf, int rsa_inlen)
 {
-       unsigned char *rsa_out = OPENSSL_malloc(128);
+       unsigned char *rsa_out = OPENSSL_malloc(rsa_inlen + 1);
        int ret = para_decrypt_buffer(key_file, rsa_out, inbuf, rsa_inlen);
 
-       if (ret >= 0)
+       if (ret >= 0) {
+               rsa_out[ret] = '\0';
                ret = sscanf((char *)rsa_out, "%lu", challenge_nr) == 1?
                        1 : -E_CHALLENGE;
+       }
        OPENSSL_free(rsa_out);
        return ret;
 }