From 85bd4621dbc183def01bbdb7567dbec789e00bb3 Mon Sep 17 00:00:00 2001
From: Daniel Stenberg
Date: Wed, 30 Jun 2004 11:53:34 +0000
Subject: Prevent a very long password to buffer overflow the global variable we use when built with a very old OpenSSL version.
---
 lib/ssluse.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/lib/ssluse.c b/lib/ssluse.c
index adebde294..e70462211 100644
--- a/lib/ssluse.c
+++ b/lib/ssluse.c
@@ -261,7 +261,9 @@ int cert_stuff(struct connectdata *conn,
 * If password has been given, we store that in the global
 * area (*shudder*) for a while:
 */
- strcpy(global_passwd, data->set.key_passwd);
+ size_t len = strlen(data->set.key_passwd);
+ if(len < sizeof(global_passwd))
+ memcpy(global_passwd, data->set.key_passwd, len+1);
 #else
 /*
 * We set the password in the callback userdata
-- 
cgit v1.2.3
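Review bot: When the password does not fit (`len >= sizeof(global_passwd)`), the new `if` skips the copy silently and `global_passwd` keeps whatever it held before, so the old-OpenSSL path can continue with a stale password from an earlier call; what the global holds at this point is not visible in the hunk. Add an else branch that at least clears the buffer, `else global_passwd[0] = '\0';`, so an over-long password can never fall back to a previous one. Failing the certificate setup with an explicit "password too long" error would be better still, since the user otherwise only sees a key-decryption failure. cert_stuff's body begins and ends outside the hunk, so any existing reset of the global elsewhere in the function should be checked before settling on the fix.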