diff -urNp a/snmplib/snmp_openssl.c b/snmplib/snmp_openssl.c --- a/snmplib/snmp_openssl.c 2021-01-28 14:10:05.993443671 +0100 +++ b/snmplib/snmp_openssl.c 2021-01-28 14:17:52.531088559 +0100 @@ -284,31 +284,29 @@ _cert_get_extension(X509_EXTENSION *oex } if (X509V3_EXT_print(bio, oext, 0, 0) != 1) { snmp_log(LOG_ERR, "could not print extension!\n"); - BIO_vfree(bio); - return NULL; + goto out; } space = BIO_get_mem_data(bio, &data); if (buf && *buf) { - if (*len < space) - buf_ptr = NULL; - else - buf_ptr = *buf; + if (*len < space + 1) { + snmp_log(LOG_ERR, "not enough buffer space to print extension\n"); + goto out; + } + buf_ptr = *buf; + } else { + buf_ptr = calloc(1, space + 1); } - else - buf_ptr = calloc(1,space + 1); if (!buf_ptr) { - snmp_log(LOG_ERR, - "not enough space or error in allocation for extenstion\n"); - BIO_vfree(bio); - return NULL; + snmp_log(LOG_ERR, "error in allocation for extenstion\n"); + goto out; } memcpy(buf_ptr, data, space); buf_ptr[space] = 0; if (len) *len = space; - +out: BIO_vfree(bio); return buf_ptr; @@ -479,7 +477,7 @@ netsnmp_openssl_cert_dump_extensions(X50 { X509_EXTENSION *extension; const char *extension_name; - char buf[SNMP_MAXBUF_SMALL], *buf_ptr = buf, *str, *lf; + char buf[SNMP_MAXBUF], *buf_ptr = buf, *str, *lf; int i, num_extensions, buf_len, nid; if (NULL == ocert) @@ -499,6 +497,11 @@ netsnmp_openssl_cert_dump_extensions(X50 extension_name = OBJ_nid2sn(nid); buf_len = sizeof(buf); str = _cert_get_extension_str_at(ocert, i, &buf_ptr, &buf_len, 0); + if (!str) { + DEBUGMSGT(("9:cert:dump", " %2d: %s\n", i, + extension_name)); + continue; + } lf = strchr(str, '\n'); /* look for multiline strings */ if (NULL != lf) *lf = '\0'; /* only log first line of multiline here */