Home Explore Help
Sign In
OWEALs
/
curl
mirror of https://github.com/curl/curl.git
2
0
Fork 0
Files Issues 8 Wiki
Browse Source

gskit: make sure to terminate version string

In case a very small buffer was passed to the version function, it could
result in the buffer not being NULL-terminated since strncpy() doesn't
guarantee a terminator on an overflowed buffer. Rather than adding code
to terminate (and handle zero-sized buffers), move to using snprintf()
instead like all the other vtls backends.

Closes #3105
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
Reviewed-by: Viktor Szakats <commit@vszakats.net>
Daniel Gustafsson 5 years ago
parent
c1af9b7690
commit
b55e85d4ec
1 changed files with 1 additions and 2 deletions
Split View Show Diff Stats
  1. 1 2
      lib/vtls/gskit.c

+ 1 - 2
lib/vtls/gskit.c
View File 

@@ -1314,8 +1314,7 @@ static int Curl_gskit_shutdown(struct connectdata *conn, int sockindex)
 
 
 static size_t Curl_gskit_version(char *buffer, size_t size)
 
 {
 
-  strncpy(buffer, "GSKit", size);
 
-  return strlen(buffer);
 
+  return snprintf(buffer, size, "GSKit");
 
 }