Prevent a very long password to buffer overflow the global variable we

use when built with a very old OpenSSL version.
2024-08-13 17:03:50 -04:00 · 2004-06-30 11:53:34 +00:00 · 2004-06-30 11:53:34 +00:00 · 85bd4621db
commit 85bd4621db
parent 6c3759d78d
1 changed files with 3 additions and 1 deletions
--- a/lib/ssluse.c
+++ b/lib/ssluse.c
@ -261,7 +261,9 @@ int cert_stuff(struct connectdata *conn,
       * If password has been given, we store that in the global
       * area (*shudder*) for a while:
       */
-      strcpy(global_passwd, data->set.key_passwd);
+      size_t len = strlen(data->set.key_passwd);
+      if(len < sizeof(global_passwd))
+        memcpy(global_passwd, data->set.key_passwd, len+1);
 #else
      /*
       * We set the password in the callback userdata