Skip to content

Fix printf %.*s with non-terminated arg

Tim Rühsen requested to merge rockdaboot/fix-printf-string-without-termination into master

The OpenSSL code triggered this bug (it actually could crash wget2) in

debug_printf("ALPN: Server accepted protocol '%.*s'\n", (int) datalen, data);

If data is not terminated, a strlen(data) can cause a segmenation fault. Using strnlen() fixes it.

Approver's checklist:

  • The author has submitted the FSF Copyright Assignment and is listed in AUTHORS
  • There is a test suite reasonably covering new functionality or modifications
Edited by Tim Rühsen

Merge request reports