generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Increase internal security when using strncpy, by making sure the resulting string is NUL-terminated

Browse Source
This commit is contained in:
Richard Levitte
2002-02-28 12:42:19 +00:00
parent 5c62f68e14
commit 26414ee013
6 changed files with 18 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
ssl/kssl.c
View File

@@ -1597,10 +1597,12 @@ kssl_ctx_setprinc(KSSL_CTX *kssl_ctx, int which,
else
{
strncpy(*princ, entity->data, entity->length);
(*princ)[entity->length]='\0';
if (realm)
{
strcat (*princ, "@");
(void) strncat(*princ, realm->data, realm->length);
(*princ)[entity->length+1+realm->length]='\0';
}
}