From c4db9eb491b3652235ddb5b18425c08b29da0408 Mon Sep 17 00:00:00 2001
From: Daniel Stenberg
Date: Fri, 17 Oct 2025 11:24:36 +0200
Subject: [PATCH] rustls: limit snprintf proper in cr_keylog_log_cb()

It should limit the size to the size of the target array, not the incoming data.

Pointed out by ZeroPath
Closes #19095
---
 lib/vtls/rustls.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/vtls/rustls.c b/lib/vtls/rustls.c
index ff2dea82b6..38e8a697a8 100644
--- a/lib/vtls/rustls.c
+++ b/lib/vtls/rustls.c
@@ -518,7 +518,7 @@ cr_keylog_log_cb(struct rustls_str label,
 (void)client_random_len;
 DEBUGASSERT(client_random_len == CLIENT_RANDOM_SIZE);
 /* Turning a "rustls_str" into a null delimited "c" string */
- curl_msnprintf(clabel, label.len + 1, "%.*s", (int)label.len, label.data);
+ curl_msnprintf(clabel, sizeof(clabel), "%.*s", (int)label.len, label.data);
 Curl_tls_keylog_write(clabel, client_random, secret, secret_len);
 }
 
-- 
2.47.3
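Review bot: With the write now bounded by `sizeof(clabel)`, a label that does not fit is silently truncated and the shortened string is still handed to `Curl_tls_keylog_write()`, so the key log could record a wrong label without any signal. Since the surrounding code already uses `DEBUGASSERT`, I would add `DEBUGASSERT(label.len < sizeof(clabel));` before the `curl_msnprintf()` call, or bail out early when the label is too long, so an oversized label is caught rather than logged in mangled form. Separately, the precision argument `(int)label.len` narrows what appears to be a size_t; a short comment stating that rustls labels are short constant strings (if that is the contract) would make the cast's safety explicit. The declaration of `clabel` and the start of `cr_keylog_log_cb()` are outside this hunk, so the array size and the function's return type are not visible here.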