strdup: don't allow Curl_strndup to read past a null terminator
- Use malloc + strncpy instead of Curl_memdup to dupe the string before
null terminating it.
Prior to this change if Curl_strndup was passed a length longer than
the allocated string then it could copy out of bounds.
This change is for posterity. Curl_strndup was added in the parent
commit and currently none of the calls to it pass a length that would
cause it to read past the allocated length of the input.
Follow-up to
d3b3ba35.
Closes https://github.com/curl/curl/pull/12254
projects / thirdparty / curl.git / commit
