gnutls: prevent buffer overflow in get_cert_name

Mike Gilbert requested to merge floppym/openconnect:bug721570 into master

The test suite for ocserv calls openconnect with a certificate that has a name that is 84 bytes in length. The buffer passed to get_cert_name is currently 80 bytes.

The gnutls_x509_crt_get_dn_by_oid function will update the buffer size parameter if the buffer is too small.

       GNUTLS_E_SHORT_MEMORY_BUFFER if the provided buffer is not long
       enough, and in that case the  buf_size will be updated with the
       required size. GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE if there are no
       data in the current index. On success 0 is returned.

Use a temporary variable to avoid clobbering the namelen variable that is passed to get_cert_name.

Bug: Signed-off-by: Sergei Trofimovich Signed-off-by: Mike Gilbert

Edited by Daniel Lenski

Merge request reports