mirror of
https://github.com/moparisthebest/curl
synced 2024-12-22 08:08:50 -05:00
Prevent a very long password to buffer overflow the global variable we
use when built with a very old OpenSSL version.
This commit is contained in:
parent
6c3759d78d
commit
85bd4621db
@ -261,7 +261,9 @@ int cert_stuff(struct connectdata *conn,
|
||||
* If password has been given, we store that in the global
|
||||
* area (*shudder*) for a while:
|
||||
*/
|
||||
strcpy(global_passwd, data->set.key_passwd);
|
||||
size_t len = strlen(data->set.key_passwd);
|
||||
if(len < sizeof(global_passwd))
|
||||
memcpy(global_passwd, data->set.key_passwd, len+1);
|
||||
#else
|
||||
/*
|
||||
* We set the password in the callback userdata
|
||||
|
Loading…
Reference in New Issue
Block a user