strncpy(d, s, strlen(s)) is a special kind of stupid. even when it's right,

it looks wrong. replace with auditable code and eliminate many strlen calls
to improve efficiency. (wait, did somebody say FASTER?) ok beck

1 files changed, 8 insertions, 4 deletions

diff --git a/src/lib/libssl/d1_srvr.c b/src/lib/libssl/d1_srvr.c
index 47a0c0e2a2..6040dd96ca 100644
--- a/src/lib/libssl/d1_srvr.c
+++ b/src/lib/libssl/d1_srvr.c
@@ -1018,6 +1018,9 @@ dtls1_send_server_key_exchange(SSL *s)
         BN_CTX *bn_ctx = NULL;
 
 #endif
+#ifndef OPENSSL_NO_PSK
+        size_t pskhintlen;
+#endif
         EVP_PKEY *pkey;
         unsigned char *p, *d;
         int al, i;
@@ -1226,8 +1229,9 @@ dtls1_send_server_key_exchange(SSL *s)
 #endif /* !OPENSSL_NO_ECDH */
 #ifndef OPENSSL_NO_PSK
                 if (type & SSL_kPSK) {
+                        pskhintlen = strlen(s->ctx->psk_identity_hint);
                         /* reserve size for record length and PSK identity hint*/
-                        n += 2 + strlen(s->ctx->psk_identity_hint);
+                        n += 2 + pskhintlen;
                 } else
 #endif /* !OPENSSL_NO_PSK */
                 {
@@ -1293,10 +1297,10 @@ dtls1_send_server_key_exchange(SSL *s)
 #ifndef OPENSSL_NO_PSK
                 if (type & SSL_kPSK) {
                         /* copy PSK identity hint */
-                        s2n(strlen(s->ctx->psk_identity_hint), p);
+                        s2n(pskhintlen, p);
 
-                        strncpy((char *)p, s->ctx->psk_identity_hint, strlen(s->ctx->psk_identity_hint));
-                        p += strlen(s->ctx->psk_identity_hint);
+                        memcpy(p, s->ctx->psk_identity_hint, pskhintlen);
+                        p += pskhintlen;
                 }
 #endif