From: Daniel Stenberg Date: Tue, 8 Oct 2024 11:04:43 +0000 (+0200) Subject: bearssl: avoid strpcy() when generating TLS version log message X-Git-Tag: curl-8_11_0~207 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=741e07edba6753fed6da6fa709d663df189a2ee4;p=thirdparty%2Fcurl.git bearssl: avoid strpcy() when generating TLS version log message Closes #15194 --- diff --git a/lib/vtls/bearssl.c b/lib/vtls/bearssl.c index cf6ba5f07f..daf98d958f 100644 --- a/lib/vtls/bearssl.c +++ b/lib/vtls/bearssl.c @@ -761,7 +761,6 @@ static CURLcode bearssl_connect_step2(struct Curl_cfilter *cf, (struct bearssl_ssl_backend_data *)connssl->backend; br_ssl_session_parameters session; char cipher_str[64]; - char ver_str[16]; CURLcode ret; DEBUGASSERT(backend); @@ -772,6 +771,7 @@ static CURLcode bearssl_connect_step2(struct Curl_cfilter *cf, return CURLE_OK; if(ret == CURLE_OK) { unsigned int tver; + int subver = 0; if(br_ssl_engine_current_state(&backend->ctx.eng) == BR_SSL_CLOSED) { failf(data, "SSL: connection closed during handshake"); @@ -780,19 +780,22 @@ static CURLcode bearssl_connect_step2(struct Curl_cfilter *cf, connssl->connecting_state = ssl_connect_3; /* Informational message */ tver = br_ssl_engine_get_version(&backend->ctx.eng); - if(tver == BR_TLS12) - strcpy(ver_str, "TLSv1.2"); - else if(tver == BR_TLS11) - strcpy(ver_str, "TLSv1.1"); - else if(tver == BR_TLS10) - strcpy(ver_str, "TLSv1.0"); - else { - msnprintf(ver_str, sizeof(ver_str), "TLS 0x%04x", tver); + switch(tver) { + case BR_TLS12: + subver = 2; /* 1.2 */ + break; + case BR_TLS11: + subver = 1; /* 1.1 */ + break; + case BR_TLS10: /* 1.0 */ + default: /* unknown, leave it at zero */ + break; } br_ssl_engine_get_session_parameters(&backend->ctx.eng, &session); Curl_cipher_suite_get_str(session.cipher_suite, cipher_str, sizeof(cipher_str), TRUE); - infof(data, "BearSSL: %s connection using %s", ver_str, cipher_str); + infof(data, "BearSSL: TLS v1.%d connection using %s", subver, + cipher_str); } return ret; }