Fix static analysis issue

src/key.c: openssl_password_cb

according to openssl examples, password is considered a null-terminated string
(https://www.openssl.org/docs/man1.1.1/man3/SSL_CTX_set_default_passwd_cb.html)

Change-Id: I3b2fc13043e4adb7f5885d4140453297311e74f3

diff --git a/src/key.c b/src/key.c
index d94e533..1eea8d9 100644 (file)
--- a/src/key.c
+++ b/src/key.c
@@ -62,10 +62,11 @@ static int openssl_password_cb(char *buf, int size, UNUSED int rwflag, void *u)
 
        size_t pass_len = strlen(cb_data->password);
 
-       if (pass_len > INT_MAX || (int)pass_len > size)
+       if (pass_len + 1 > INT_MAX || (int)pass_len + 1 > size)
                return 0;
 
        memcpy(buf, cb_data->password, pass_len);
+       buf[pass_len] = 0;
        cb_data->password_requested = true;
 
        return pass_len;