From d8ac1ea77ea4028e5cd04f6fcde9fc4d883b3101 Mon Sep 17 00:00:00 2001
From: Ben Laurie
Date: Tue, 20 May 2014 13:52:31 +0100
Subject: [PATCH 1/1] Don't allocate more than is needed in BUF_strndup().
---
 crypto/buffer/buf_str.c | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/crypto/buffer/buf_str.c b/crypto/buffer/buf_str.c
index 11241f8727..a464eb6e25 100644
--- a/crypto/buffer/buf_str.c
+++ b/crypto/buffer/buf_str.c
@@ -71,9 +71,14 @@ char *BUF_strdup(const char *str)
 char *BUF_strndup(const char *str, size_t siz)
 {
 char *ret;
+ size_t len;
 if (str == NULL) return(NULL);
+ len = strlen(str);
+ if (siz > len)
+ siz = len;
+
 ret=OPENSSL_malloc(siz+1);
 if (ret == NULL)
 {
--
2.34.1
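Review bot: The added `len = strlen(str);` walks `str` to its terminator before `siz` is applied, so a caller that passes a buffer with no NUL inside the first `siz` bytes now causes a read past the end of that buffer, which a strndup-style function is normally expected to tolerate. Bound the scan by `siz` instead, for example `const char *end = memchr(str, '\0', siz); if (end != NULL) siz = (size_t)(end - str);`, which yields the same clamp and makes `len` unnecessary. The function body continues past the end of the hunk, so the copy that follows `OPENSSL_malloc(siz+1)` is not visible here; it should be confirmed to copy at most `siz` bytes and to terminate the result explicitly.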