1
0
mirror of https://github.com/moparisthebest/curl synced 2024-12-22 08:08:50 -05:00

Prevent a very long password to buffer overflow the global variable we

use when built with a very old OpenSSL version.
This commit is contained in:
Daniel Stenberg 2004-06-30 11:53:34 +00:00
parent 6c3759d78d
commit 85bd4621db

View File

@ -261,7 +261,9 @@ int cert_stuff(struct connectdata *conn,
* If password has been given, we store that in the global
* area (*shudder*) for a while:
*/
strcpy(global_passwd, data->set.key_passwd);
size_t len = strlen(data->set.key_passwd);
if(len < sizeof(global_passwd))
memcpy(global_passwd, data->set.key_passwd, len+1);
#else
/*
* We set the password in the callback userdata