Improve gss debug printing of status_string.
authorKevin McCarthy <kevin@8t8.us>
Sat, 14 Apr 2018 03:39:35 +0000 (20:39 -0700)
committerKevin McCarthy <kevin@8t8.us>
Sat, 14 Apr 2018 03:39:35 +0000 (20:39 -0700)
Commit f52ee2f7 ensured the debug strings were properly '\0'
terminated.  However, it did not prevent the strncpy from reading past
the end of the status_string.value data; it simply capped it
afterwards.  Improve the code so it only reads up to
status_string.length without overwriting the buffer.

imap/auth_gss.c

index d7a366d24d1af21a9bcc46a506d3f922152d048b..7d6d080a1edc5da51378562cec98a3b340a5a3f4 100644 (file)
@@ -48,6 +48,7 @@ static void print_gss_error(OM_uint32 err_maj, OM_uint32 err_min)
        gss_buffer_desc status_string;
        char buf_maj[512];
        char buf_min[512];
+        size_t status_len;
        
        do
        {
@@ -59,9 +60,11 @@ static void print_gss_error(OM_uint32 err_maj, OM_uint32 err_min)
                                               &status_string);
                if (GSS_ERROR(maj_stat))
                        break;
-               strfcpy(buf_maj, (char*) status_string.value, sizeof(buf_maj));
-                if (status_string.length < sizeof(buf_maj))
-                  buf_maj[status_string.length] = '\0';
+                status_len = status_string.length;
+                if (status_len >= sizeof(buf_maj))
+                        status_len = sizeof(buf_maj) - 1;
+               strncpy(buf_maj, (char*) status_string.value, status_len);
+                buf_maj[status_len] = '\0';
                gss_release_buffer(&min_stat, &status_string);
                
                maj_stat = gss_display_status (&min_stat,
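Review bot: The `break` taken when `gss_display_status` fails for the major status leaves `buf_maj` (and, on a first pass, `buf_min`) unwritten, and both arrays are declared without an initializer at the top of `print_gss_error`. If the code after the loop, which lies outside this hunk, prints both buffers, it would read indeterminate stack bytes into the debug log. The same applies in the third hunk when the minor-status call fails and the `if (!GSS_ERROR(maj_stat))` body is skipped. Initializing the declarations, `char buf_maj[512] = "";` and `char buf_min[512] = "";`, gives every exit path a defined, terminated string.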
@@ -72,9 +75,11 @@ static void print_gss_error(OM_uint32 err_maj, OM_uint32 err_min)
                                               &status_string);
                if (!GSS_ERROR(maj_stat))
                {
-                       strfcpy(buf_min, (char*) status_string.value, sizeof(buf_min));
-                        if (status_string.length < sizeof(buf_min))
-                          buf_min[status_string.length] = '\0';
+                        status_len = status_string.length;
+                        if (status_len >= sizeof(buf_min))
+                                status_len = sizeof(buf_min) - 1;
+                       strncpy(buf_min, (char*) status_string.value, status_len);
+                        buf_min[status_len] = '\0';
                        gss_release_buffer(&min_stat, &status_string);
                }
        } while (!GSS_ERROR(maj_stat) && msg_ctx != 0);
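Review bot: The clamp, copy and terminate sequence is now written out twice, once for `buf_maj` and once here for `buf_min`, so a later change to one copy can easily miss the other. A small file-local helper taking the destination, its size and the `gss_buffer_desc` would keep the bound in one place. It would also give a natural spot for a comment recording what the commit message explains: `status_string.value` must only be read up to `status_string.length`. The helper below keeps `strncpy` as the commit does; the `do`/`while` body starts outside this hunk.

```c
/* Copy at most dstlen - 1 bytes of a GSS status message into dst and
 * terminate it.  src->value need not be NUL-terminated, so never read
 * beyond src->length. */
static void copy_gss_status(char *dst, size_t dstlen, const gss_buffer_desc *src)
{
  size_t n = src->length;

  if (n >= dstlen)
    n = dstlen - 1;
  strncpy(dst, (const char *) src->value, n);
  dst[n] = '\0';
}

/* … unchanged: gss_display_status call for the minor status … */
                if (!GSS_ERROR(maj_stat))
                {
                        copy_gss_status(buf_min, sizeof(buf_min), &status_string);
                        gss_release_buffer(&min_stat, &status_string);
                }
```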