From b093ef7445a648b64e167b1ea63c57921892ebeb Mon Sep 17 00:00:00 2001
From: Richard Levitte <levitte@openssl.org>
Date: Wed, 29 May 2002 08:31:45 +0000
Subject: [PATCH] There is a chance that the input string is larger than size,
 and on VMS, this wasn't checked and could possibly be exploitable (slim
 chance, but still)

---
 apps/apps.c | 13 ++++++++++---
 1 file changed, 10 insertions(+), 3 deletions(-)

diff --git a/apps/apps.c b/apps/apps.c
index e797796e30..aca750b1f0 100644
--- a/apps/apps.c
+++ b/apps/apps.c
@@ -310,9 +310,16 @@ void program_name(char *in, char *out, int size)
 
 	q=strrchr(p,'.');
 	if (q == NULL)
-		q = in+size;
-	strncpy(out,p,q-p);
-	out[q-p]='\0';
+		q = p + strlen(p);
+	strncpy(out,p,size-1);
+	if (q-p >= size)
+		{
+		out[size-1]='\0';
+		}
+	else
+		{
+		out[q-p]='\0';
+		}
 	}
 #else
 void program_name(char *in, char *out, int size)
-- 
2.40.0