diff --git a/src/common/ssl.c b/src/common/ssl.c index 71d4f1da..1ef28cfd 100644 --- a/src/common/ssl.c +++ b/src/common/ssl.c @@ -111,8 +111,8 @@ ASN1_TIME_snprintf (char *buf, int buf_len, ASN1_TIME * tm) buf[0] = 0; if (expires != NULL) { - memset (buf, 0, buf_len); - strncpy (buf, expires, 24); + /* expires is not \0 terminated */ + safe_strcpy (buf, expires, MIN(24, buf_len)); } BIO_free (inMem); } @@ -174,17 +174,17 @@ _SSL_get_cert_info (struct cert_info *cert_info, SSL * ssl) peer_pkey = X509_get_pubkey (peer_cert); - strncpy (cert_info->algorithm, + safe_strcpy (cert_info->algorithm, (alg == NID_undef) ? "Unknown" : OBJ_nid2ln (alg), sizeof (cert_info->algorithm)); cert_info->algorithm_bits = EVP_PKEY_bits (peer_pkey); - strncpy (cert_info->sign_algorithm, + safe_strcpy (cert_info->sign_algorithm, (sign_alg == NID_undef) ? "Unknown" : OBJ_nid2ln (sign_alg), sizeof (cert_info->sign_algorithm)); /* EVP_PKEY_bits(ca_pkey)); */ cert_info->sign_algorithm_bits = 0; - strncpy (cert_info->notbefore, notBefore, sizeof (cert_info->notbefore)); - strncpy (cert_info->notafter, notAfter, sizeof (cert_info->notafter)); + safe_strcpy (cert_info->notbefore, notBefore, sizeof (cert_info->notbefore)); + safe_strcpy (cert_info->notafter, notAfter, sizeof (cert_info->notafter)); EVP_PKEY_free (peer_pkey); @@ -213,9 +213,9 @@ _SSL_get_cipher_info (SSL * ssl) c = SSL_get_current_cipher (ssl); - strncpy (chiper_info.version, SSL_CIPHER_get_version (c), + safe_strcpy (chiper_info.version, SSL_CIPHER_get_version (c), sizeof (chiper_info.version)); - strncpy (chiper_info.chiper, SSL_CIPHER_get_name (c), + safe_strcpy (chiper_info.chiper, SSL_CIPHER_get_name (c), sizeof (chiper_info.chiper)); SSL_CIPHER_get_bits (c, &chiper_info.chiper_bits);