Ensure a string is properly terminated in http_client.c

In HTTP_new_bio(), if the host has a trailing '/' we took a copy of the hostname but failed to terminate it properly. Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/12275)
author: Matt Caswell <matt@openssl.org> 2020-06-25 12:21:07 +0100
committer: Matt Caswell <matt@openssl.org> 2020-07-03 17:18:41 +0100
commit: 5a640713f34d4b9b6bf9520a46b0c8ee3334d8bf (patch)
tree: 0d43e083ea55a9a084c4f11aeb105a5112dc0835 /crypto/http/http_client.c
parent: 64bb6276d17cc78c15e0bbea2cce899ba9b6778d (diff)
1 files changed, 9 insertions, 4 deletions
diff --git a/crypto/http/http_client.c b/crypto/http/http_client.c
index a8dda0050a..3e1be1f569 100644
--- a/crypto/http/http_client.c
+++ b/crypto/http/http_client.c
@@ -712,10 +712,15 @@ static BIO *HTTP_new_bio(const char *server /* optionally includes ":port" */,
     }
 
     host_end = strchr(host, '/');
-    if (host_end != NULL && (size_t)(host_end - host) < sizeof(host_name)) {
-        /* chop trailing string starting with '/' */
-        strncpy(host_name, host, host_end - host + 1);
-        host = host_name;
+    if (host_end != NULL) {
+        size_t host_len = host_end - host;
+
+        if (host_len < sizeof(host_name)) {
+            /* chop trailing string starting with '/' */
+            strncpy(host_name, host, host_len);
+            host_name[host_len] = '\0';
+            host = host_name;
+        }
     }
 
     cbio = BIO_new_connect(host /* optionally includes ":port" */);
author	Matt Caswell <matt@openssl.org>	2020-06-25 12:21:07 +0100
committer	Matt Caswell <matt@openssl.org>	2020-07-03 17:18:41 +0100
commit	5a640713f34d4b9b6bf9520a46b0c8ee3334d8bf (patch)
tree	0d43e083ea55a9a084c4f11aeb105a5112dc0835 /crypto/http/http_client.c
parent	64bb6276d17cc78c15e0bbea2cce899ba9b6778d (diff)