From d8ac1ea77ea4028e5cd04f6fcde9fc4d883b3101 Mon Sep 17 00:00:00 2001 From: Ben Laurie Date: Tue, 20 May 2014 13:52:31 +0100 Subject: [PATCH] Don't allocate more than is needed in BUF_strndup(). --- crypto/buffer/buf_str.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/crypto/buffer/buf_str.c b/crypto/buffer/buf_str.c index 11241f8727..a464eb6e25 100644 --- a/crypto/buffer/buf_str.c +++ b/crypto/buffer/buf_str.c @@ -71,9 +71,14 @@ char *BUF_strdup(const char *str) char *BUF_strndup(const char *str, size_t siz) { char *ret; + size_t len; if (str == NULL) return(NULL); + len = strlen(str); + if (siz > len) + siz = len; + ret=OPENSSL_malloc(siz+1); if (ret == NULL) { -- 2.25.1