From: Sumitra Sharma <sumitraartsy@gmail.com>
Date: Tue, 12 Sep 2023 06:30:21 +0000 (+0530)
Subject: Enhance code safety and readability in SSL_get_shared_ciphers()
X-Git-Tag: openssl-3.2.0-alpha2~61
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=2743594d73e65c38375c619e89ec62579e2c24a9;p=thirdparty%2Fopenssl.git

Enhance code safety and readability in SSL_get_shared_ciphers()

This commit introduces two key improvements:

1. Improve code safety by replacing the conditional statement with
`if (n >= size)` and using OPENSSL_strnlen() instead of strlen().
This change ensures proper buffer size handling and adheres to
secure coding practices.

2. Enhance code readability by substituting `strcpy(p, c->name)` with
`memcpy(p, c->name, n)`. This adjustment prioritizes code clarity and
maintenance, even while mitigating a minimal buffer overflow risk.

These enhancements bolster the code's robustness and comprehensibility,
aligning with secure coding principles and best practices.

Fixes #19837

Signed-off-by: Sumitra Sharma <sumitraartsy@gmail.com>

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21934)
---

diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index b7fa9d78f70..fdc8b6b8241 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -3397,14 +3397,14 @@ char *SSL_get_shared_ciphers(const SSL *s, char *buf, int size)
         if (sk_SSL_CIPHER_find(srvrsk, c) < 0)
             continue;
 
-        n = strlen(c->name);
-        if (n + 1 > size) {
+        n = OPENSSL_strnlen(c->name, size);
+        if (n >= size) {
             if (p != buf)
                 --p;
             *p = '\0';
             return buf;
         }
-        strcpy(p, c->name);
+        memcpy(p, c->name, n);
         p += n;
         *(p++) = ':';
         size -= n + 1;