diff options
author | Sumitra Sharma <sumitraartsy@gmail.com> | 2023-09-12 12:00:21 +0530 |
---|---|---|
committer | Tomas Mraz <tomas@openssl.org> | 2023-09-18 14:10:17 +0200 |
commit | 2743594d73e65c38375c619e89ec62579e2c24a9 (patch) | |
tree | d520ff1f6365cfb37b0e4d85f945a9be74f06b5a /ssl | |
parent | 861027ffd06019baf82148837e30a992ca9b055e (diff) |
Enhance code safety and readability in SSL_get_shared_ciphers()
This commit introduces two key improvements:
1. Improve code safety by replacing the conditional statement with
`if (n >= size)` and using OPENSSL_strnlen() instead of strlen().
This change ensures proper buffer size handling and adheres to
secure coding practices.
2. Enhance code readability by substituting `strcpy(p, c->name)` with
`memcpy(p, c->name, n)`. This adjustment prioritizes code clarity and
maintenance, even while mitigating a minimal buffer overflow risk.
These enhancements bolster the code's robustness and comprehensibility,
aligning with secure coding principles and best practices.
Fixes #19837
Signed-off-by: Sumitra Sharma <sumitraartsy@gmail.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21934)
Diffstat (limited to 'ssl')
-rw-r--r-- | ssl/ssl_lib.c | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index b7fa9d78f7..fdc8b6b824 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -3397,14 +3397,14 @@ char *SSL_get_shared_ciphers(const SSL *s, char *buf, int size) if (sk_SSL_CIPHER_find(srvrsk, c) < 0) continue; - n = strlen(c->name); - if (n + 1 > size) { + n = OPENSSL_strnlen(c->name, size); + if (n >= size) { if (p != buf) --p; *p = '\0'; return buf; } - strcpy(p, c->name); + memcpy(p, c->name, n); p += n; *(p++) = ':'; size -= n + 1; |