1 files changed, 4 insertions, 7 deletions

diff --git a/lib/vauth/krb5_gssapi.c b/lib/vauth/krb5_gssapi.c
index 5c126eb59..67d43bd56 100644
--- a/lib/vauth/krb5_gssapi.c
+++ b/lib/vauth/krb5_gssapi.c
@@ -247,8 +247,8 @@ CURLcode Curl_auth_create_gssapi_security_message(struct Curl_easy *data,
 
   /* Allocate our message */
   messagelen = 4;
-  if(authzid && *authzid)
-    messagelen += strlen(authzid) + 1;
+  if(authzid)
+    messagelen += strlen(authzid);
   message = malloc(messagelen);
   if(!message)
     return CURLE_OUT_OF_MEMORY;
@@ -260,13 +260,10 @@ CURLcode Curl_auth_create_gssapi_security_message(struct Curl_easy *data,
   message[2] = (max_size >> 8) & 0xFF;
   message[3] = max_size & 0xFF;
 
-  /* If given, append the authorization identity including the 0x00 based
-     terminator. Note: Despite RFC4752 Section 3.1 stating "The authorization
-     identity is not terminated with the zero-valued (%x00) octet." it seems
-     necessary to include it. */
+  /* If given, append the authorization identity. */
 
   if(authzid && *authzid)
-    strcpy((char *) message + 4, authzid);
+    memcpy(message + 4, authzid, messagelen - 4);
 
   /* Setup the "authentication data" security buffer */
   input_token.value = message;