strncpy(d, s, strlen(s)) is a special kind of stupid. even when it's right,

it looks wrong. replace with auditable code and eliminate many strlen calls
to improve efficiency. (wait, did somebody say FASTER?) ok beck

1 files changed, 9 insertions, 8 deletions

diff --git a/lib/libssl/s3_srvr.c b/lib/libssl/s3_srvr.c
index 0794a298b1a..f532e254f98 100644
--- a/lib/libssl/s3_srvr.c
+++ b/lib/libssl/s3_srvr.c
@@ -1574,6 +1574,9 @@ ssl3_send_server_key_exchange(SSL *s)
 	BN_CTX *bn_ctx = NULL;
 
 #endif
+#ifndef OPENSSL_NO_PSK
+	size_t pskhintlen;
+#endif
 	EVP_PKEY *pkey;
 	const EVP_MD *md = NULL;
 	unsigned char *p, *d;
@@ -1804,10 +1807,9 @@ ssl3_send_server_key_exchange(SSL *s)
 #endif /* !OPENSSL_NO_ECDH */
 #ifndef OPENSSL_NO_PSK
 		if (type & SSL_kPSK) {
-			/*
-			 * Reserve size for record length and PSK identity hint.
-			 */
-			n += 2 + strlen(s->ctx->psk_identity_hint);
+			pskhintlen = strlen(s->ctx->psk_identity_hint);
+			/* reserve size for record length and PSK identity hint*/
+			n += 2 + pskhintlen;
 		} else
 #endif /* !OPENSSL_NO_PSK */
 #ifndef OPENSSL_NO_SRP
@@ -1900,11 +1902,10 @@ ssl3_send_server_key_exchange(SSL *s)
 #ifndef OPENSSL_NO_PSK
 		if (type & SSL_kPSK) {
 			/* copy PSK identity hint */
-			s2n(strlen(s->ctx->psk_identity_hint), p);
+			s2n(pskhintlen, p);
 
-			strncpy((char *)p, s->ctx->psk_identity_hint,
-			   strlen(s->ctx->psk_identity_hint));
-			p += strlen(s->ctx->psk_identity_hint);
+			memcpy(p, s->ctx->psk_identity_hint, pskhintlen);
+			p += pskhintlen;
 		}
 #endif