Don't allocate more than is needed in BUF_strndup().

diff --git a/crypto/buffer/buf_str.c b/crypto/buffer/buf_str.c
index 151f5ea971aaa30a55f7ca755c46bac7825907c4..84236c7671bc3ce7fd6402809bafc3d3e742c777 100644 (file)
--- a/crypto/buffer/buf_str.c
+++ b/crypto/buffer/buf_str.c
@@ -69,9 +69,14 @@ char *BUF_strdup(const char *str)
 char *BUF_strndup(const char *str, size_t siz)
        {
        char *ret;
+       size_t len;
 
        if (str == NULL) return(NULL);
 
+       len = strlen(str);
+       if (siz > len)
+           siz = len;
+
        ret=OPENSSL_malloc(siz+1);
        if (ret == NULL) 
                {