Increase internal security when using strncpy, by making sure the resulting string...

[openssl.git] / crypto / des / des.c

diff --git a/crypto/des/des.c b/crypto/des/des.c
index a03ce161af8c57f60bc1eed2b19eeb6e5a32aa80..d8c846b23dba6efc508fb6ca311b2de40e955c72 100644 (file)
--- a/crypto/des/des.c
+++ b/crypto/des/des.c
@@ -153,12 +153,14 @@ int main(int argc, char **argv)
                                case 'c':
                                        cflag=1;
                                        strncpy(cksumname,p,200);
+                                       cksumname[sizeof(cksumname)-1]='\0';
                                        p+=strlen(cksumname);
                                        break;
                                case 'C':
                                        cflag=1;
                                        longk=1;
                                        strncpy(cksumname,p,200);
+                                       cksumname[sizeof(cksumname)-1]='\0';
                                        p+=strlen(cksumname);
                                        break;
                                case 'e':
@@ -190,6 +192,7 @@ int main(int argc, char **argv)
                                case 'u':
                                        uflag=1;
                                        strncpy(uuname,p,200);
+                                       uuname[sizeof(uuname)-1]='\0';
                                        p+=strlen(uuname);
                                        break;
                                case 'h':