No need for strncpy in passwordCallback

Summary:
[Folly] No need for `strncpy` in `passwordCallback`.

Careful reading of the documentation:

> The pem_passwd_cb must write the password into the provided buffer `buf` which is of size `size`.
>
> https://wiki.openssl.org/index.php?title=Manual:SSL_CTX_set_default_passwd_cb(3)&oldid=761

No mention is made of a requirement on the password being written into `buf` that it be null-terminated.

Reviewed By: knekritz, meyering

Differential Revision: D5524814

fbshipit-source-id: 6cfc588cdf3675281ffe39e6af376f3f0631d1b0

diff --git a/folly/io/async/SSLContext.cpp b/folly/io/async/SSLContext.cpp
index 29b202f825dc80ab7063f05b30f39577e88e0ed6..3d440a8bfa040752469817df5ba55c7772488982 100644 (file)
--- a/folly/io/async/SSLContext.cpp
+++ b/folly/io/async/SSLContext.cpp
@@ -641,12 +641,9 @@ int SSLContext::passwordCallback(char* password,
   std::string userPassword;
   // call user defined password collector to get password
   context->passwordCollector()->getPassword(userPassword, size);
-  auto length = int(userPassword.size());
-  if (length > size) {
-    length = size;
-  }
-  strncpy(password, userPassword.c_str(), size_t(length));
-  return length;
+  auto const length = std::min(userPassword.size(), size_t(size));
+  std::memcpy(password, userPassword.data(), length);
+  return int(length);
 }
 
 void SSLContext::setSSLLockTypes(std::map<int, LockType> inLockTypes) {