From: Daniel Gustafsson <daniel@yesql.se>
Date: Sun, 7 Oct 2018 20:36:25 +0000 (+0200)
Subject: gskit: make sure to terminate version string
X-Git-Tag: curl-7_62_0~79
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=b55e85d4ec53eead7e99efa34f78a981bee32994;p=thirdparty%2Fcurl.git

gskit: make sure to terminate version string

In case a very small buffer was passed to the version function, it could
result in the buffer not being NULL-terminated since strncpy() doesn't
guarantee a terminator on an overflowed buffer. Rather than adding code
to terminate (and handle zero-sized buffers), move to using snprintf()
instead like all the other vtls backends.

Closes #3105
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
Reviewed-by: Viktor Szakats <commit@vszakats.net>
---

diff --git a/lib/vtls/gskit.c b/lib/vtls/gskit.c
index d6be159ab9..8d1b3d6afc 100644
--- a/lib/vtls/gskit.c
+++ b/lib/vtls/gskit.c
@@ -1314,8 +1314,7 @@ static int Curl_gskit_shutdown(struct connectdata *conn, int sockindex)
 
 static size_t Curl_gskit_version(char *buffer, size_t size)
 {
-  strncpy(buffer, "GSKit", size);
-  return strlen(buffer);
+  return snprintf(buffer, size, "GSKit");
 }