From 8edcfedc1a144f438bd1cdf814a0016cbe678aaf Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <daniel@haxx.se>
Date: Fri, 5 Jan 2024 11:58:48 +0100
Subject: [PATCH] ftp: use memdup0 to store the OS from a SYST 215 response

avoid malloc + direct buffer fiddle

Closes #12639
---
 lib/ftp.c | 15 ++++++---------
 1 file changed, 6 insertions(+), 9 deletions(-)

diff --git a/lib/ftp.c b/lib/ftp.c
index 65b4db9815..bf8b57db26 100644
--- a/lib/ftp.c
+++ b/lib/ftp.c
@@ -2951,23 +2951,20 @@ static CURLcode ftp_statemachine(struct Curl_easy *data,
       if(ftpcode == 215) {
         char *ptr = &data->state.buffer[4];  /* start on the first letter */
         char *os;
-        char *store;
-
-        os = malloc(nread + 1);
-        if(!os)
-          return CURLE_OUT_OF_MEMORY;
+        char *start;
 
         /* Reply format is like
            215<space><OS-name><space><commentary>
         */
         while(*ptr == ' ')
           ptr++;
-        for(store = os; *ptr && *ptr != ' ';)
-          *store++ = *ptr++;
-        *store = '\0'; /* null-terminate */
+        for(start = ptr; *ptr && *ptr != ' '; ptr++)
+          ;
+        os = Curl_memdup0(start, ptr - start);
+        if(!os)
+          return CURLE_OUT_OF_MEMORY;
 
         /* Check for special servers here. */
-
         if(strcasecompare(os, "OS/400")) {
           /* Force OS400 name format 1. */
           result = Curl_pp_sendf(data, &ftpc->pp, "%s", "SITE NAMEFMT 1");
-- 
2.47.3