From: Daniel Stenberg
Date: Fri, 17 Oct 2025 09:24:36 +0000 (+0200)
Subject: rustls: limit snprintf proper in cr_keylog_log_cb()
X-Git-Tag: rc-8_17_0-2~58
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=c4db9eb491b3652235ddb5b18425c08b29da0408;p=thirdparty%2Fcurl.git
rustls: limit snprintf proper in cr_keylog_log_cb()
It should limit the size to the size of the target array, not the incoming data. Pointed out by ZeroPath Closes #19095
---
diff --git a/lib/vtls/rustls.c b/lib/vtls/rustls.c
index ff2dea82b6..38e8a697a8 100644
--- a/lib/vtls/rustls.c
+++ b/lib/vtls/rustls.c
@@ -518,7 +518,7 @@ cr_keylog_log_cb(struct rustls_str label,
 (void)client_random_len;
 DEBUGASSERT(client_random_len == CLIENT_RANDOM_SIZE);
 /* Turning a "rustls_str" into a null delimited "c" string */
- curl_msnprintf(clabel, label.len + 1, "%.*s", (int)label.len, label.data);
+ curl_msnprintf(clabel, sizeof(clabel), "%.*s", (int)label.len, label.data);
 Curl_tls_keylog_write(clabel, client_random, secret, secret_len);
 }
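Review bot: With the write now bounded by `sizeof(clabel)`, a label whose `label.len` is not smaller than the array is truncated silently, and the shortened string is still handed to `Curl_tls_keylog_write()`, so the key log would carry a label that differs from the one rustls reported. Consider rejecting that case before formatting, for example `if(label.len >= sizeof(clabel)) return;`, or at least adding `DEBUGASSERT(label.len < sizeof(clabel));` next to the existing assert. The same guard would also keep the `(int)label.len` precision cast within range, since a length that does not fit in an int would otherwise become a negative precision. The declaration of `clabel` and the start of `cr_keylog_log_cb()` are outside the hunk, so the array size and the function's return type are assumed here.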