rustls: limit snprintf proper in cr_keylog_log_cb()

It should limit the size to the size of the target array, not the
incoming data.

Pointed out by ZeroPath
Closes #19095

diff --git a/lib/vtls/rustls.c b/lib/vtls/rustls.c
index ff2dea82b606a035abe629a1c25774ee72ffc67f..38e8a697a83b112af4059dae05e6467d17990a38 100644 (file)
--- a/lib/vtls/rustls.c
+++ b/lib/vtls/rustls.c
@@ -518,7 +518,7 @@ cr_keylog_log_cb(struct rustls_str label,
   (void)client_random_len;
   DEBUGASSERT(client_random_len == CLIENT_RANDOM_SIZE);
   /* Turning a "rustls_str" into a null delimited "c" string */
-  curl_msnprintf(clabel, label.len + 1, "%.*s", (int)label.len, label.data);
+  curl_msnprintf(clabel, sizeof(clabel), "%.*s", (int)label.len, label.data);
   Curl_tls_keylog_write(clabel, client_random, secret, secret_len);
 }