projects / platform / core / security / yaca.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: cd5ade8)
Fix static analysis issue 01/238801/3
authorTomasz Swierczek <t.swierczek@samsung.com>
Fri, 17 Jul 2020 09:35:10 +0000 (11:35 +0200)
committerTomasz Swierczek <t.swierczek@samsung.com>
Fri, 17 Jul 2020 10:48:22 +0000 (12:48 +0200)
src/key.c: openssl_password_cb

according to openssl examples, password is considered a null-terminated string
(https://www.openssl.org/docs/man1.1.1/man3/SSL_CTX_set_default_passwd_cb.html)

Change-Id: I3b2fc13043e4adb7f5885d4140453297311e74f3

src/key.c patch | blob | history

diff --git a/src/key.c b/src/key.c
index d94e5332202ea82393be3d96f88570ead12b89d6..1eea8d975605f4d891a4bf0843d6c5bb56ff0bf2 100644 (file)
--- a/src/key.c
+++ b/src/key.c
@@ -62,10 +62,11 @@ static int openssl_password_cb(char *buf, int size, UNUSED int rwflag, void *u)
 
        size_t pass_len = strlen(cb_data->password);
 
-       if (pass_len > INT_MAX || (int)pass_len > size)
+       if (pass_len + 1 > INT_MAX || (int)pass_len + 1 > size)
                return 0;
 
        memcpy(buf, cb_data->password, pass_len);
+       buf[pass_len] = 0;
        cb_data->password_requested = true;
 
        return pass_len;
Domain: Security / Utilities;