Prevent a very long password to buffer overflow the global variable we

use when built with a very old OpenSSL version.
author: Daniel Stenberg <daniel@haxx.se> 2004-06-30 11:53:34 +0000
committer: Daniel Stenberg <daniel@haxx.se> 2004-06-30 11:53:34 +0000
commit: 85bd4621dbc183def01bbdb7567dbec789e00bb3 (patch)
tree: a01e25458d2f5972499bac4ec386987685d59d46 /lib/ssluse.c
parent: 6c3759d78d885d3675094671a8bde9ff41c9a8cc (diff)
1 files changed, 3 insertions, 1 deletions
diff --git a/lib/ssluse.c b/lib/ssluse.c
index adebde294..e70462211 100644
--- a/lib/ssluse.c
+++ b/lib/ssluse.c
@@ -261,7 +261,9 @@ int cert_stuff(struct connectdata *conn,
        * If password has been given, we store that in the global
        * area (*shudder*) for a while:
        */
-      strcpy(global_passwd, data->set.key_passwd);
+      size_t len = strlen(data->set.key_passwd);
+      if(len < sizeof(global_passwd))
+        memcpy(global_passwd, data->set.key_passwd, len+1);
 #else
       /*
        * We set the password in the callback userdata
author	Daniel Stenberg <daniel@haxx.se>	2004-06-30 11:53:34 +0000
committer	Daniel Stenberg <daniel@haxx.se>	2004-06-30 11:53:34 +0000
commit	85bd4621dbc183def01bbdb7567dbec789e00bb3 (patch)
tree	a01e25458d2f5972499bac4ec386987685d59d46 /lib/ssluse.c
parent	6c3759d78d885d3675094671a8bde9ff41c9a8cc (diff)