Don't read past the end of the string in BUF_strndup.
BUF_strlcpy still assumes |src| is a NUL-terminated string and will call strlen on it to determine the actual length. BUF_strndup's input need not be NUL-terminated. Change-Id: I9ca95e92533d12f1b0283412249bda4f8cf92433 Reviewed-on: https://boringssl-review.googlesource.com/1997 Reviewed-by: Adam Langley <agl@google.com>
This commit is contained in:
parent
b698617007
commit
721e6e1500
@ -187,7 +187,8 @@ char *BUF_strndup(const char *buf, size_t size) {
|
|||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
|
|
||||||
BUF_strlcpy(ret, buf, alloc_size);
|
memcpy(ret, buf, size);
|
||||||
|
ret[size] = '\0';
|
||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user