From 90c5bf8d560c817cbb2e9d68d13cbaf92ba52335 Mon Sep 17 00:00:00 2001 From: TingPing Date: Sat, 20 Sep 2014 13:52:31 -0400 Subject: [PATCH] Replace some unsafe usage of strncpy Ensure everything is null terminated --- src/common/ssl.c | 20 +++++++++++--------- 1 file changed, 11 insertions(+), 9 deletions(-) diff --git a/src/common/ssl.c b/src/common/ssl.c index dced350..3ff925d 100644 --- a/src/common/ssl.c +++ b/src/common/ssl.c @@ -23,7 +23,9 @@ #include /* strncpy() */ #include "ssl.h" /* struct cert_info */ #include "inet.h" - +#ifndef MIN +#define MIN(a, b) (a < b ? a : b) +#endif /* globals */ static struct chiper_info chiper_info; /* static buffer for _SSL_get_cipher_info() */ @@ -85,8 +87,8 @@ ASN1_TIME_snprintf (char *buf, int buf_len, ASN1_TIME * tm) buf[0] = 0; if (expires != NULL) { - memset (buf, 0, buf_len); - strncpy (buf, expires, 24); + /* expires is not \0 terminated */ + safe_strcpy (buf, expires, MIN(24, buf_len)); } BIO_free (inMem); } @@ -148,17 +150,17 @@ _SSL_get_cert_info (struct cert_info *cert_info, SSL * ssl) peer_pkey = X509_get_pubkey (peer_cert); - strncpy (cert_info->algorithm, + safe_strcpy (cert_info->algorithm, (alg == NID_undef) ? "Unknown" : OBJ_nid2ln (alg), sizeof (cert_info->algorithm)); cert_info->algorithm_bits = EVP_PKEY_bits (peer_pkey); - strncpy (cert_info->sign_algorithm, + safe_strcpy (cert_info->sign_algorithm, (sign_alg == NID_undef) ? "Unknown" : OBJ_nid2ln (sign_alg), sizeof (cert_info->sign_algorithm)); /* EVP_PKEY_bits(ca_pkey)); */ cert_info->sign_algorithm_bits = 0; - strncpy (cert_info->notbefore, notBefore, sizeof (cert_info->notbefore)); - strncpy (cert_info->notafter, notAfter, sizeof (cert_info->notafter)); + safe_strcpy (cert_info->notbefore, notBefore, sizeof (cert_info->notbefore)); + safe_strcpy (cert_info->notafter, notAfter, sizeof (cert_info->notafter)); EVP_PKEY_free (peer_pkey); 
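Review bot: The added `MIN` macro leaves its arguments unparenthesized and evaluates each of them twice, so an expression argument can bind differently from what the caller wrote. It is used later in this patch to bound a copy length, so it should be written defensively: `#define MIN(a, b) ((a) < (b) ? (a) : (b))`. The hunk also adds no include for `safe_strcpy`. If its prototype is not already visible from an include above this hunk, the new calls would rely on an implicit declaration.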
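Review bot: The new bound `MIN(24, buf_len)` in ASN1_TIME_snprintf looks one short. Every other call in this commit passes `sizeof (dest)` as the third argument, so safe_strcpy presumably counts the terminator inside that size; a limit of 24 would then keep at most 23 characters where the removed `strncpy (buf, expires, 24)` kept 24. safe_strcpy is not defined in this patch, so this needs confirming, but if it holds the last character of the printed time is dropped. Because `expires` is not NUL-terminated, an explicit bounded copy states the intent more directly: `n = MIN (24, buf_len - 1); memcpy (buf, expires, n); buf[n] = 0;`. Ideally the constant 24 would be replaced by the length of the data behind `expires`, which is obtained outside this hunk.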
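Review bot: `OBJ_nid2ln (alg)` and `OBJ_nid2ln (sign_alg)` are handed to safe_strcpy as the source with only `NID_undef` screened out, yet OBJ_nid2ln can return NULL, and the values come from a peer-supplied certificate. Unless a check exists outside this hunk, fall back to the placeholder on NULL as well, e.g. `const char *alg_name = OBJ_nid2ln (alg);` followed by `alg_name != NULL ? alg_name : "Unknown"` as the source argument. Similarly, `peer_pkey` from `X509_get_pubkey` is passed to `EVP_PKEY_bits` with no NULL check visible here. _SSL_get_cert_info starts and ends outside the hunk, so these guards may already be present elsewhere.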
@@ -187,9 +189,9 @@ _SSL_get_cipher_info (SSL * ssl) c = SSL_get_current_cipher (ssl); - strncpy (chiper_info.version, SSL_CIPHER_get_version (c), + safe_strcpy (chiper_info.version, SSL_CIPHER_get_version (c), sizeof (chiper_info.version)); - strncpy (chiper_info.chiper, SSL_CIPHER_get_name (c), + safe_strcpy (chiper_info.chiper, SSL_CIPHER_get_name (c), sizeof (chiper_info.chiper)); SSL_CIPHER_get_bits (c, &chiper_info.chiper_bits); -- 2.11.4.GIT