From 706eff9f1f144e6c9a1ed9c9646007760921cf67 Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Sat, 16 Sep 2023 22:37:28 +0200 Subject: [PATCH] rand: fix 'alnum': array is too small to include a terminating null character It was that small on purpose, but this change now adds the null byte to avoid the error. Follow-up to 3aa3cc9b052353b1 Reported-by: Dan Fandrich Ref: #11838 Closes #11870 --- lib/rand.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/rand.c b/lib/rand.c index 8cac9383ac..d7935b397e 100644 --- a/lib/rand.c +++ b/lib/rand.c @@ -275,14 +275,14 @@ CURLcode Curl_rand_hex(struct Curl_easy *data, unsigned char *rnd, * alphanumerical chars PLUS a null-terminating byte. */ -static const char alnum[26 + 26 + 10] = +static const char alnum[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789"; CURLcode Curl_rand_alnum(struct Curl_easy *data, unsigned char *rnd, size_t num) { CURLcode result = CURLE_OK; - const int alnumspace = sizeof(alnum); + const int alnumspace = sizeof(alnum) - 1; unsigned int r; DEBUGASSERT(num > 1);