dn_indicates_v3_cert can call memcmp up to 4 chars before the beginning of a string.
dn_indicates_v3_cert() does this:

```
len = ASN1_STRING_to_UTF8(&s, str);
if (len < 0) {
  return 0;
}
r = fast_memneq(s + len - 4, ".net", 4);
```

Note that if the len < 4, we read bytes from a malloc header, which isn't a good thing at all. In practice, I don't think this should cause crashes or security failures, unless somebody is using a very weird malloc, or unless somebody has a hardened installation that detects this kind of invalid check. Still, this is a must-fix.
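A bounds-checked form of the suffix comparison described above, as an added example that is not part of the original report or the project's code. `buf_has_suffix` and `underread_bytes` are hypothetical helpers, plain `memcmp` stands in for `fast_memneq`, the sample strings are constructed, and the check is generalized from ".net" to any suffix.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* How many bytes before the start of the buffer the unchecked
 * `s + len - suffix_len` read would begin. 0 means the read stays in bounds. */
static size_t underread_bytes(int len, size_t suffix_len)
{
    if (len < 0)
        return 0;   /* conversion failed; the reported code already returns here */
    return (size_t)len < suffix_len ? suffix_len - (size_t)len : 0;
}

/* Hardened check (hypothetical helper): returns 1 only if the len-byte buffer
 * s ends with suffix. Note the sense is "equal", the inverse of fast_memneq. */
static int buf_has_suffix(const unsigned char *s, int len, const char *suffix)
{
    size_t n = strlen(suffix);

    if (s == NULL || len < 0 || (size_t)len < n)
        return 0;   /* too short to contain the suffix: never touch s - k */
    return memcmp(s + (size_t)len - n, suffix, n) == 0;
}

int main(void)
{
    /* Constructed sample values standing in for decoded DN strings. */
    static const char *samples[] = {
        "www.example.net", ".net", "net", "", "www.example.com"
    };
    size_t i;

    for (i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        int len = (int)strlen(samples[i]);
        printf("%-18s len=%2d underread=%zu ends_with_.net=%d\n",
               samples[i][0] ? samples[i] : "(empty)", len,
               underread_bytes(len, 4),
               buf_has_suffix((const unsigned char *)samples[i], len, ".net"));
    }
    return 0;
}
```
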