From e74ceef6f9d10b3369756904d30ec423081cd931 Mon Sep 17 00:00:00 2001
From: Yedidya Feldblum
Date: Mon, 31 Jul 2017 12:04:10 -0700
Subject: [PATCH] No need for strncpy in passwordCallback

Summary:
[Folly] No need for `strncpy` in `passwordCallback`.

Careful reading of the documentation:

> The pem_passwd_cb must write the password into the provided buffer `buf` which is of size `size`.
>
> https://wiki.openssl.org/index.php?title=Manual:SSL_CTX_set_default_passwd_cb(3)&oldid=761

No mention is made of a requirement on the password being written into `buf` that it be null-terminated.

Reviewed By: knekritz, meyering

Differential Revision: D5524814

fbshipit-source-id: 6cfc588cdf3675281ffe39e6af376f3f0631d1b0
---
 folly/io/async/SSLContext.cpp | 9 +++------
 1 file changed, 3 insertions(+), 6 deletions(-)

diff --git a/folly/io/async/SSLContext.cpp b/folly/io/async/SSLContext.cpp
index 29b202f8..3d440a8b 100644
--- a/folly/io/async/SSLContext.cpp
+++ b/folly/io/async/SSLContext.cpp
@@ -641,12 +641,9 @@ int SSLContext::passwordCallback(char* password,
 std::string userPassword;
 // call user defined password collector to get password
 context->passwordCollector()->getPassword(userPassword, size);
- auto length = int(userPassword.size());
- if (length > size) {
- length = size;
- }
- strncpy(password, userPassword.c_str(), size_t(length));
- return length;
+ auto const length = std::min(userPassword.size(), size_t(size));
+ std::memcpy(password, userPassword.data(), length);
+ return int(length);
 }
 
 void SSLContext::setSSLLockTypes(std::map inLockTypes) {
-- 
2.34.1
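Review bot: The `size_t(size)` cast in the new `std::min` line assumes `size` is positive. A negative `int` converts to a very large `size_t`, so the bound falls back to `userPassword.size()`, `std::memcpy` copies the whole passphrase, and `int(length)` can then exceed what the caller's buffer holds. A guard ahead of the copy would make the bound explicit, for example `if (size <= 0) { return 0; }`, with the return value checked against the error convention of the OpenSSL version in use. Separately, a passphrase longer than `size` is still truncated silently, as it was before, so the failure only surfaces later as a key-decryption error; reporting it as an error here would be easier to diagnose. The function's signature and the origin of `context` lie outside the hunk, so whether `password` and `context` are validated earlier cannot be seen from here.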