diff options
| author | Daniel Gustafsson <daniel@yesql.se> | 2018-10-07 22:36:25 +0200 |
|---|---|---|
| committer | Daniel Gustafsson <daniel@yesql.se> | 2018-10-07 22:36:25 +0200 |
| commit | b55e85d4ec53eead7e99efa34f78a981bee32994 (patch) | |
| tree | 712708ebc6c2c6defa68f8ed9befc775a7555c99 /lib/vtls/gskit.c | |
| parent | c1af9b7690fa3d4c77b7abb08632e69748cb03b4 (diff) | |
| download | curl-b55e85d4ec53eead7e99efa34f78a981bee32994.tar.gz | |
gskit: make sure to terminate version string
In case a very small buffer was passed to the version function, it could
result in the buffer not being NULL-terminated since strncpy() doesn't
guarantee a terminator on an overflowed buffer. Rather than adding code
to terminate (and handle zero-sized buffers), move to using snprintf()
instead like all the other vtls backends.
Closes #3105
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
Reviewed-by: Viktor Szakats <commit@vszakats.net>
Diffstat (limited to 'lib/vtls/gskit.c')
| -rw-r--r-- | lib/vtls/gskit.c | 3 |
1 files changed, 1 insertions, 2 deletions
diff --git a/lib/vtls/gskit.c b/lib/vtls/gskit.c index d6be159ab..8d1b3d6af 100644 --- a/lib/vtls/gskit.c +++ b/lib/vtls/gskit.c @@ -1314,8 +1314,7 @@ static int Curl_gskit_shutdown(struct connectdata *conn, int sockindex) static size_t Curl_gskit_version(char *buffer, size_t size) { - strncpy(buffer, "GSKit", size); - return strlen(buffer); + return snprintf(buffer, size, "GSKit"); } |