Avoid strcpy() in Esys install_tpm_passphrase

Coverity didn't like it, because it couldn't see that we had actually checked the length manually. By doing it like this we get to use free_pass() on the full initial password instead of just the truncated part, so it's not just a bogus "warning fix". Signed-off-by: David Woodhouse <dwmw2@infradead.org>
sailfishos-mirror · Oct 8, 2019 · b46a55b · b46a55b
1 parent f572e08
commit b46a55b
Showing 1 changed file with 8 additions and 4 deletions.
diff --git a/gnutls_tpm2_esys.c b/gnutls_tpm2_esys.c
@@ -168,13 +168,17 @@ static TPML_PCR_SELECTION allCreationPCR = {
 
 static void install_tpm_passphrase(struct openconnect_info *vpninfo, TPM2B_DIGEST *auth, char *pass)
 {
-	if (strlen(pass) > sizeof(auth->buffer) - 1) {
+	int pwlen = strlen(pass);
+
+	if (pwlen > sizeof(auth->buffer) - 1) {
 		vpn_progress(vpninfo, PRG_ERR,
 			     _("TPM2 password too long; truncating\n"));
-		pass[sizeof(auth->buffer) - 1] = 0;
+		pwlen = sizeof(auth->buffer) - 1;
 	}
-	auth->size = strlen(pass);
-	strcpy((char *)auth->buffer, pass);
+	auth->size = pwlen;
+	memcpy(auth->buffer, pass, pwlen);
+	pass[pwlen] = 0;
+
 	free_pass(&pass);
 }