diff options
| author | Daniel Stenberg <daniel@haxx.se> | 2004-06-30 11:53:34 +0000 |
|---|---|---|
| committer | Daniel Stenberg <daniel@haxx.se> | 2004-06-30 11:53:34 +0000 |
| commit | 85bd4621dbc183def01bbdb7567dbec789e00bb3 (patch) | |
| tree | a01e25458d2f5972499bac4ec386987685d59d46 | |
| parent | 6c3759d78d885d3675094671a8bde9ff41c9a8cc (diff) | |
| download | curl-85bd4621dbc183def01bbdb7567dbec789e00bb3.tar.gz | |
Prevent a very long password to buffer overflow the global variable we
use when built with a very old OpenSSL version.
| -rw-r--r-- | lib/ssluse.c | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/lib/ssluse.c b/lib/ssluse.c index adebde294..e70462211 100644 --- a/lib/ssluse.c +++ b/lib/ssluse.c @@ -261,7 +261,9 @@ int cert_stuff(struct connectdata *conn, * If password has been given, we store that in the global * area (*shudder*) for a while: */ - strcpy(global_passwd, data->set.key_passwd); + size_t len = strlen(data->set.key_passwd); + if(len < sizeof(global_passwd)) + memcpy(global_passwd, data->set.key_passwd, len+1); #else /* * We set the password in the callback userdata |