[openssl-commits] [openssl] OpenSSL_1_0_2-stable update

bernd.edlinger at hotmail.de bernd.edlinger at hotmail.de
Tue Jun 26 13:51:36 UTC 2018 

The branch OpenSSL_1_0_2-stable has been updated
       via  da0bbdd62614df6d6a33f91142a3e72525f7186e (commit)
      from  e78c4f531d44d2454ba44b9de615920d340e77ce (commit)


- Log -----------------------------------------------------------------
commit da0bbdd62614df6d6a33f91142a3e72525f7186e
Author: Bernd Edlinger <bernd.edlinger at hotmail.de>
Date:   Mon Jun 25 09:53:46 2018 +0200

    Fix some more gcc-9 warnings [-Wstringop-truncation]
    
    Reviewed-by: Richard Levitte <levitte at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/6586)

-----------------------------------------------------------------------

Summary of changes:
 apps/passwd.c | 6 +++---
 ssl/s3_srvr.c | 9 +++++----
 2 files changed, 8 insertions(+), 7 deletions(-)

diff --git a/apps/passwd.c b/apps/passwd.c
index 56e10ad..718f0e0 100644
--- a/apps/passwd.c
+++ b/apps/passwd.c
@@ -306,9 +306,9 @@ static char *md5crypt(const char *passwd, const char *magic, const char *salt)
     out_buf[0] = '$';
     out_buf[1] = 0;
     assert(strlen(magic) <= 4); /* "1" or "apr1" */
-    strncat(out_buf, magic, 4);
-    strncat(out_buf, "$", 1);
-    strncat(out_buf, salt, 8);
+    BUF_strlcat(out_buf, magic, sizeof(out_buf));
+    BUF_strlcat(out_buf, "$", sizeof(out_buf));
+    BUF_strlcat(out_buf, salt, sizeof(out_buf));
     assert(strlen(out_buf) <= 6 + 8); /* "$apr1$..salt.." */
     salt_out = out_buf + 2 + strlen(magic);
     salt_len = strlen(salt_out);
diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
index 96d973c..753b804 100644
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -1959,11 +1959,12 @@ int ssl3_send_server_key_exchange(SSL *s)
 
 #ifndef OPENSSL_NO_PSK
         if (type & SSL_kPSK) {
+            size_t len = strlen(s->ctx->psk_identity_hint);
+
             /* copy PSK identity hint */
-            s2n(strlen(s->ctx->psk_identity_hint), p);
-            strncpy((char *)p, s->ctx->psk_identity_hint,
-                    strlen(s->ctx->psk_identity_hint));
-            p += strlen(s->ctx->psk_identity_hint);
+            s2n(len, p);
+            memcpy(p, s->ctx->psk_identity_hint, len);
+            p += len;
         }
 #endif

More information about the openssl-commits mailing list