strncpy(d, s, strlen(s)) is a special kind of stupid. even when it's right,

it looks wrong. replace with auditable code and eliminate many strlen calls
to improve efficiency. (wait, did somebody say FASTER?) ok beck

1 files changed, 9 insertions, 8 deletions

diff --git a/src/lib/libssl/s3_srvr.c b/src/lib/libssl/s3_srvr.c
index 0794a298b1..f532e254f9 100644
--- a/src/lib/libssl/s3_srvr.c
+++ b/src/lib/libssl/s3_srvr.c
@@ -1574,6 +1574,9 @@ ssl3_send_server_key_exchange(SSL *s)
         BN_CTX *bn_ctx = NULL;
 
 #endif
+#ifndef OPENSSL_NO_PSK
+        size_t pskhintlen;
+#endif
         EVP_PKEY *pkey;
         const EVP_MD *md = NULL;
         unsigned char *p, *d;
@@ -1804,10 +1807,9 @@ ssl3_send_server_key_exchange(SSL *s)
 #endif /* !OPENSSL_NO_ECDH */
 #ifndef OPENSSL_NO_PSK
                 if (type & SSL_kPSK) {
-                        /*
-                         * Reserve size for record length and PSK identity hint.
-                         */
-                        n += 2 + strlen(s->ctx->psk_identity_hint);
+                        pskhintlen = strlen(s->ctx->psk_identity_hint);
+                        /* reserve size for record length and PSK identity hint*/
+                        n += 2 + pskhintlen;
                 } else
 #endif /* !OPENSSL_NO_PSK */
 #ifndef OPENSSL_NO_SRP
@@ -1900,11 +1902,10 @@ ssl3_send_server_key_exchange(SSL *s)
 #ifndef OPENSSL_NO_PSK
                 if (type & SSL_kPSK) {
                         /* copy PSK identity hint */
-                        s2n(strlen(s->ctx->psk_identity_hint), p);
+                        s2n(pskhintlen, p);
 
-                        strncpy((char *)p, s->ctx->psk_identity_hint,
-                           strlen(s->ctx->psk_identity_hint));
-                        p += strlen(s->ctx->psk_identity_hint);
+                        memcpy(p, s->ctx->psk_identity_hint, pskhintlen);
+                        p += pskhintlen;
                 }
 #endif