Description
If XSECCryptoX509::loadX509PEM(buf, len) is called with a nonzero len argument, it makes a zero-terminated copy (b) of the passed buffer, but still calls strstr() on the buf pointer passed to the function, not on b. This lets strstr() read past the memory region designated by the caller.
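The pattern described above next to a bounded counterpart, as an added example that is not the library's code: the function names, the marker string and the sample buffer are assumptions constructed for illustration.

```cpp
#include <cstdio>
#include <cstring>
#include <string>

// Assumed search string; the report does not say what strstr() looks for.
static const char kMarker[] = "-----BEGIN CERTIFICATE-----";

// Flawed pattern: a zero-terminated copy of len bytes is made, but the search
// runs on the caller's pointer, so strstr() reads until it meets a NUL,
// wherever that happens to be.
const char* findMarkerFlawed(const char* buf, unsigned int len) {
    std::string b(buf, len);           // bounded, terminated copy ...
    (void)b;                           // ... that the search never uses
    return std::strstr(buf, kMarker);
}

// Bounded pattern: search only the terminated copy and report an offset.
// Returns -1 when the marker is not within the first len bytes.
long findMarkerBounded(const char* buf, unsigned int len) {
    std::string b(buf, len);
    const char* hit = std::strstr(b.c_str(), kMarker);
    return hit ? static_cast<long>(hit - b.c_str()) : -1;
}

// Constructed input: the caller designates only the first 8 bytes. The marker
// sits beyond them but inside the same array, so this demo stays in bounds.
static const char kSample[] = "garbage!-----BEGIN CERTIFICATE-----\n";
static const unsigned int kDesignated = 8;

// True when the flawed search returns a match located at or past len.
bool flawedReadsPastLen() {
    const char* hit = findMarkerFlawed(kSample, kDesignated);
    return hit != nullptr &&
           static_cast<unsigned int>(hit - kSample) >= kDesignated;
}

int main() {
    std::printf("flawed search matched past len: %s\n",
                flawedReadsPastLen() ? "yes" : "no");
    std::printf("bounded search offset: %ld\n",
                findMarkerBounded(kSample, kDesignated));
    return 0;
}
```

In the sample the bytes past `len` belong to the same array; when the caller's region is not followed by a NUL it owns, the flawed search walks into adjacent memory instead.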