From 721e6e1500de6741ebf73269e2dc6547a0236bdd Mon Sep 17 00:00:00 2001
From: David Benjamin <davidben@chromium.org>
Date: Sun, 19 Oct 2014 04:31:47 -0400
Subject: [PATCH] Don't read past the end of the string in BUF_strndup.

BUF_strlcpy still assumes |src| is a NUL-terminated string and will call strlen
on it to determine the actual length. BUF_strndup's input need not be
NUL-terminated.

Change-Id: I9ca95e92533d12f1b0283412249bda4f8cf92433
Reviewed-on: https://boringssl-review.googlesource.com/1997
Reviewed-by: Adam Langley <agl@google.com>
---
 crypto/buf/buf.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/crypto/buf/buf.c b/crypto/buf/buf.c
index 94bbeafc..3fd822e2 100644
--- a/crypto/buf/buf.c
+++ b/crypto/buf/buf.c
@@ -187,7 +187,8 @@ char *BUF_strndup(const char *buf, size_t size) {
     return NULL;
   }
 
-  BUF_strlcpy(ret, buf, alloc_size);
+  memcpy(ret, buf, size);
+  ret[size] = '\0';
   return ret;
 }