Calling strncpy with a maximum size argument of 128 bytes on
destination array "options_ret->actual_mechanism" of size 128
bytes might leave the destination string unterminated
Signed-off-by: Steve Dickson <steved@xxxxxxxxxx>
---
src/auth_gss.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/auth_gss.c b/src/auth_gss.c
index 289bd5b..7d08262 100644
--- a/src/auth_gss.c
+++ b/src/auth_gss.c
@@ -593,7 +593,7 @@ _rpc_gss_refresh(AUTH *auth, rpc_gss_options_ret_t *options_ret)
if (rpc_gss_oid_to_mech(actual_mech_type, &mechanism)) {
strncpy(options_ret->actual_mechanism,
mechanism,
- sizeof(options_ret->actual_mechanism));
+ (sizeof(options_ret->actual_mechanism)-1));
}
gd->established = TRUE;
--
2.17.1
