From b55e85d4ec53eead7e99efa34f78a981bee32994 Mon Sep 17 00:00:00 2001
From: Daniel Gustafsson
Date: Sun, 7 Oct 2018 22:36:25 +0200
Subject: gskit: make sure to terminate version string

In case a very small buffer was passed to the version function, it could result in the buffer not being NULL-terminated since strncpy() doesn't guarantee a terminator on an overflowed buffer. Rather than adding code to terminate (and handle zero-sized buffers), move to using snprintf() instead like all the other vtls backends.

Closes #3105
Reviewed-by: Daniel Stenberg
Reviewed-by: Viktor Szakats
---
 lib/vtls/gskit.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

(limited to 'lib')

diff --git a/lib/vtls/gskit.c b/lib/vtls/gskit.c
index d6be159ab..8d1b3d6af 100644
--- a/lib/vtls/gskit.c
+++ b/lib/vtls/gskit.c
@@ -1314,8 +1314,7 @@ static int Curl_gskit_shutdown(struct connectdata *conn, int sockindex)
 static size_t Curl_gskit_version(char *buffer, size_t size)
 {
- strncpy(buffer, "GSKit", size);
- return strlen(buffer);
+ return snprintf(buffer, size, "GSKit");
 }
--
cgit v1.2.3
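Review bot: The new `return snprintf(buffer, size, "GSKit");` in Curl_gskit_version passes an `int` result back as `size_t` without checking it. With the standard C snprintf, a truncated write returns the length that would have been written (5 here) rather than what is actually in `buffer`, and a negative error value would convert to a very large `size_t`. A caller that advances a pointer or decrements a remaining-size counter by this value could then step past the end of its buffer. If `snprintf` is remapped in this file to a project wrapper that returns the written length (not visible in the hunk), a one-line comment should say so; otherwise clamp the result, e.g. `int n = snprintf(buffer, size, "GSKit");` followed by `return (n < 0 || !size) ? 0 : ((size_t)n < size ? (size_t)n : size - 1);`.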