crypto: fix fingerprint string size calculation

The function generating fingerprint strings never accesses more than
EVP_MAX_MD_SIZE * 3 characters, including the terminating '\0'.

PR-URL: #42175
Reviewed-By: Darshan Sen <[email protected]>
Reviewed-By: James M Snell <[email protected]>

Author: tniessen

src/crypto/crypto_common.cc

@@ -421,7 +421,7 @@ MaybeLocal<Object> GetLastIssuedCert(
 void AddFingerprintDigest(
     const unsigned char* md,
     unsigned int md_size,
-    char fingerprint[3 * EVP_MAX_MD_SIZE + 1]) {
+    char fingerprint[3 * EVP_MAX_MD_SIZE]) {
   unsigned int i;
   const char hex[] = "0123456789ABCDEF";
 
@@ -571,7 +571,7 @@ MaybeLocal<Value> GetFingerprintDigest(
     X509* cert) {
   unsigned char md[EVP_MAX_MD_SIZE];
   unsigned int md_size;
-  char fingerprint[EVP_MAX_MD_SIZE * 3 + 1];
+  char fingerprint[EVP_MAX_MD_SIZE * 3];
 
   if (X509_digest(cert, method, md, &md_size)) {
     AddFingerprintDigest(md, md_size, fingerprint);