diff options
author | Sumitra Sharma <sumitraartsy@gmail.com> | 2023-09-12 12:00:21 +0530 |
---|---|---|
committer | Tomas Mraz <tomas@openssl.org> | 2023-09-18 14:11:52 +0200 |
commit | 31584555aa5cc8a9fa7d4fc517f261cc4c17d7a9 (patch) | |
tree | eb6ddcb35857da8685f12502fab4c29bef94a6a8 | |
parent | cdc4f2b5072f908e88e3aae83d87a7d095d2b36a (diff) |
Enhance code safety and readability in SSL_get_shared_ciphers()
This commit introduces two key improvements:
1. Improve code safety by replacing the conditional statement with
`if (n >= size)` and using OPENSSL_strnlen() instead of strlen().
This change ensures proper buffer size handling and adheres to
secure coding practices.
2. Enhance code readability by substituting `strcpy(p, c->name)` with
`memcpy(p, c->name, n)`. This adjustment prioritizes code clarity and
maintenance, even while mitigating a minimal buffer overflow risk.
These enhancements bolster the code's robustness and comprehensibility,
aligning with secure coding principles and best practices.
Fixes #19837
Signed-off-by: Sumitra Sharma <sumitraartsy@gmail.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21934)
(cherry picked from commit 2743594d73e65c38375c619e89ec62579e2c24a9)
-rw-r--r-- | ssl/ssl_lib.c | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index 148af9f5c0..f87c9e2ea8 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -2810,14 +2810,14 @@ char *SSL_get_shared_ciphers(const SSL *s, char *buf, int size) if (sk_SSL_CIPHER_find(srvrsk, c) < 0) continue; - n = strlen(c->name); - if (n + 1 > size) { + n = OPENSSL_strnlen(c->name, size); + if (n >= size) { if (p != buf) --p; *p = '\0'; return buf; } - strcpy(p, c->name); + memcpy(p, c->name, n); p += n; *(p++) = ':'; size -= n + 1; |