From: Ben Laurie <ben@links.org>
Date: Tue, 20 May 2014 12:52:31 +0000 (+0100)
Subject: Don't allocate more than is needed in BUF_strndup().
X-Git-Tag: OpenSSL_1_0_2-beta2~203
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=4ceb430a468e8226175aa3f169c0e746877c17e1;p=openssl

Don't allocate more than is needed in BUF_strndup().
---

diff --git a/crypto/buffer/buf_str.c b/crypto/buffer/buf_str.c
index 151f5ea971..84236c7671 100644
--- a/crypto/buffer/buf_str.c
+++ b/crypto/buffer/buf_str.c
@@ -69,9 +69,14 @@ char *BUF_strdup(const char *str)
 char *BUF_strndup(const char *str, size_t siz)
 	{
 	char *ret;
+	size_t len;
 
 	if (str == NULL) return(NULL);
 
+	len = strlen(str);
+	if (siz > len)
+	    siz = len;
+
 	ret=OPENSSL_malloc(siz+1);
 	if (ret == NULL) 
 		{