From 73c9e533da75d578dfa576ec1e77e6ad916c409f Mon Sep 17 00:00:00 2001
From: beck <>
Date: Wed, 16 Apr 2014 20:36:35 +0000
Subject: Clean up dangerous strncpy use. This included a use where the
 resulting string was potentially not nul terminated and a place where malloc
 return was unchecked. while we're at it remove dummytest.c ok miod@

---
 src/lib/libcrypto/ts/ts_rsp_verify.c | 14 +++++---------
 1 file changed, 5 insertions(+), 9 deletions(-)

(limited to 'src/lib/libcrypto/ts')

diff --git a/src/lib/libcrypto/ts/ts_rsp_verify.c b/src/lib/libcrypto/ts/ts_rsp_verify.c
index a003207428..f241230ef4 100644
--- a/src/lib/libcrypto/ts/ts_rsp_verify.c
+++ b/src/lib/libcrypto/ts/ts_rsp_verify.c
@@ -538,7 +538,6 @@ static char *TS_get_status_text(STACK_OF(ASN1_UTF8STRING) *text)
 	int i;
 	unsigned int length = 0;
 	char *result = NULL;
-	char *p;
 
 	/* Determine length first. */
 	for (i = 0; i < sk_ASN1_UTF8STRING_num(text); ++i)
@@ -554,17 +553,14 @@ static char *TS_get_status_text(STACK_OF(ASN1_UTF8STRING) *text)
 		return NULL;
 		}
 	/* Concatenate the descriptions. */
-	for (i = 0, p = result; i < sk_ASN1_UTF8STRING_num(text); ++i)
+	result[0] = '\0';
+	for (i = 0; i < sk_ASN1_UTF8STRING_num(text); ++i)
 		{
 		ASN1_UTF8STRING *current = sk_ASN1_UTF8STRING_value(text, i);
-		length = ASN1_STRING_length(current);
-		if (i > 0) *p++ = '/';
-		strncpy(p, (const char *)ASN1_STRING_data(current), length);
-		p += length;
+		if (i > 0)
+			strlcat(result, "/", length);
+		strlcat(result, ASN1_STRING_data(current), length);
 		}
-	/* We do have space for this, too. */
-	*p = '\0';
-	
 	return result;
 	}
 
-- 
cgit v1.2.3-55-g6feb