Don't read past the end of the string in BUF_strndup.

BUF_strlcpy still assumes |src| is a NUL-terminated string and will call strlen on it to determine the actual length. BUF_strndup's input need not be NUL-terminated. Change-Id: I9ca95e92533d12f1b0283412249bda4f8cf92433 Reviewed-on: https://boringssl-review.googlesource.com/1997 Reviewed-by: Adam Langley <agl@google.com>
2014-10-19 04:31:47 -04:00 · 2014-10-19 04:31:47 -04:00 · 721e6e1500
commit 721e6e1500
parent b698617007
1 changed files with 2 additions and 1 deletions
--- a/crypto/buf/buf.c
+++ b/crypto/buf/buf.c
@ -187,7 +187,8 @@ char *BUF_strndup(const char *buf, size_t size) {
    return NULL;
  }

-  BUF_strlcpy(ret, buf, alloc_size);
+  memcpy(ret, buf, size);
+  ret[size] = '\0';
  return ret;
 }