From 265d1cc516f56a70fb142ee0ccdc74fc8fbe09d7 Mon Sep 17 00:00:00 2001
From: Francesco Chemolli <kinkie@squid-cache.org>
Date: Sat, 7 May 2022 11:03:32 +0000
Subject: [PATCH] Ensure null-termination of string in negotiate_wrapper
 (#1031)

Coverity identified a theoretical chance that a buffer may not be
null-terminated in negotiate_wrapper. The code flow is clean, adding a
forced null termination to apply defensive programming practices.
---
 src/auth/negotiate/wrapper/negotiate_wrapper.cc | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/auth/negotiate/wrapper/negotiate_wrapper.cc b/src/auth/negotiate/wrapper/negotiate_wrapper.cc
index 7f53e2ba61..bd69322433 100644
--- a/src/auth/negotiate/wrapper/negotiate_wrapper.cc
+++ b/src/auth/negotiate/wrapper/negotiate_wrapper.cc
@@ -257,6 +257,7 @@ processingLoop(FILE *FDKIN, FILE *FDKOUT, FILE *FDNIN, FILE *FDNOUT)
                 return 0;
             }
         }
+        buff[sizeof(buff)-1] = '\0'; // paranoid; already terminated correctly
         fprintf(stdout,"%s",buff);
         if (debug_enabled)
             fprintf(stderr, "%s| %s: Return '%s'\n",
-- 
2.47.2