Don't read past the end of the string in BUF_strndup.

BUF_strlcpy still assumes |src| is a NUL-terminated string and will call strlen
on it to determine the actual length. BUF_strndup's input need not be
NUL-terminated.

Change-Id: I9ca95e92533d12f1b0283412249bda4f8cf92433
Reviewed-on: https://boringssl-review.googlesource.com/1997
Reviewed-by: Adam Langley <agl@google.com>
This commit is contained in:
David Benjamin 2014-10-19 04:31:47 -04:00 committed by Adam Langley
parent b698617007
commit 721e6e1500

View File

@ -187,7 +187,8 @@ char *BUF_strndup(const char *buf, size_t size) {
return NULL; return NULL;
} }
BUF_strlcpy(ret, buf, alloc_size); memcpy(ret, buf, size);
ret[size] = '\0';
return ret; return ret;
} }