gskit: make sure to terminate version string

In case a very small buffer was passed to the version function, it could
result in the buffer not being NULL-terminated since strncpy() doesn't
guarantee a terminator on an overflowed buffer. Rather than adding code
to terminate (and handle zero-sized buffers), move to using snprintf()
instead like all the other vtls backends.

Closes #3105
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
Reviewed-by: Viktor Szakats <commit@vszakats.net>

diff --git a/lib/vtls/gskit.c b/lib/vtls/gskit.c
index d6be159ab9e910569dda9ff8d7eb848694b6f002..8d1b3d6afc8cc3774c668e44ed3036f4b9297645 100644 (file)
--- a/lib/vtls/gskit.c
+++ b/lib/vtls/gskit.c
@@ -1314,8 +1314,7 @@ static int Curl_gskit_shutdown(struct connectdata *conn, int sockindex)
 
 static size_t Curl_gskit_version(char *buffer, size_t size)
 {
-  strncpy(buffer, "GSKit", size);
-  return strlen(buffer);
+  return snprintf(buffer, size, "GSKit");
 }