rand: fix 'alnum': array is too small to include a terminating null character

It was that small on purpose, but this change now adds the null byte to
avoid the error.

Follow-up to 3aa3cc9b052353b1

Reported-by: Dan Fandrich
Ref: #11838
Closes #11870

diff --git a/lib/rand.c b/lib/rand.c
index 8cac9383acaf51344dc50c039a2d5bb1c21648d3..d7935b397e67e94fea39bba59f2cf03a4d9c4893 100644 (file)
--- a/lib/rand.c
+++ b/lib/rand.c
@@ -275,14 +275,14 @@ CURLcode Curl_rand_hex(struct Curl_easy *data, unsigned char *rnd,
  * alphanumerical chars PLUS a null-terminating byte.
  */
 
-static const char alnum[26 + 26 + 10] =
+static const char alnum[] =
   "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";
 
 CURLcode Curl_rand_alnum(struct Curl_easy *data, unsigned char *rnd,
                          size_t num)
 {
   CURLcode result = CURLE_OK;
-  const int alnumspace = sizeof(alnum);
+  const int alnumspace = sizeof(alnum) - 1;
   unsigned int r;
   DEBUGASSERT(num > 1);