Enhance code safety and readability in SSL_get_shared_ciphers()

This commit introduces two key improvements: 1. Improve code safety by replacing the conditional statement with `if (n >= size)` and using OPENSSL_strnlen() instead of strlen(). This change ensures proper buffer size handling and adheres to secure coding practices. 2. Enhance code readability by substituting `strcpy(p, c->name)` with `memcpy(p, c->name, n)`. This adjustment prioritizes code clarity and maintenance, even while mitigating a minimal buffer overflow risk. These enhancements bolster the code's robustness and comprehensibility, aligning with secure coding principles and best practices. Fixes #19837 Signed-off-by: Sumitra Sharma <sumitraartsy@gmail.com> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from #21934) (cherry picked from commit 2743594)
openssl · Sep 18, 2023 · 36f1b6e · 36f1b6e
1 parent 3558a8c
commit 36f1b6e
Showing 1 changed file with 3 additions and 3 deletions.
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
@@ -2809,14 +2809,14 @@ char *SSL_get_shared_ciphers(const SSL *s, char *buf, int size)
         if (sk_SSL_CIPHER_find(srvrsk, c) < 0)
             continue;
 
-        n = strlen(c->name);
-        if (n + 1 > size) {
+        n = OPENSSL_strnlen(c->name, size);
+        if (n >= size) {
             if (p != buf)
                 --p;
             *p = '\0';
             return buf;
         }
-        strcpy(p, c->name);
+        memcpy(p, c->name, n);
         p += n;
         *(p++) = ':';
         size -= n + 1;