commit 5b8a865f0b7ac3d3d9f05725d4a414bfeb58c9f2
author Willy Tarreau <w@1wt.eu> Tue Oct 29 10:48:50 2019 +0100
committer Willy Tarreau <w@1wt.eu> Wed Dec 11 11:31:00 2019 +0100
tree 0f65ced68d41e19b48cc17bbea8a72933ee21665
parent 599788ecf6b0dc77d66f39e68fefcdb09d3ee4c0

BUILD/MINOR: ssl: shut up a build warning about format truncation

Actually gcc believes it has detected a possible truncation but it
cannot since the output string is necessarily at least one char
shorter than what it expects. However addressing it is easy and
removes the need for an intermediate copy so let's do it.

(cherry picked from commit 0580052bb6f9c924daedfe62d779eade68677adf)
Signed-off-by: Willy Tarreau <w@1wt.eu>

src/ssl_sock.c

diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index 01e539a..ea84ec9 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -3678,25 +3678,23 @@
 					}
 
 					if (is_bundle) {
-						char dp[MAXPATHLEN+1] = {0}; /* this will be the filename w/o the keytype */
 						int dp_len;
 
 						dp_len = end - de->d_name;
-						snprintf(dp, dp_len + 1, "%s", de->d_name);
 
 						/* increment i and free de until we get to a non-bundle cert
 						 * Note here that we look at de_list[i + 1] before freeing de
-						 * this is important since ignore_entry will free de
+						 * this is important since ignore_entry will free de. This also
+						 * guarantees that de->d_name continues to hold the same prefix.
 						 */
-						while (i + 1 < n && !strncmp(de_list[i + 1]->d_name, dp, dp_len)) {
+						while (i + 1 < n && !strncmp(de_list[i + 1]->d_name, de->d_name, dp_len)) {
 							free(de);
 							i++;
 							de = de_list[i];
 						}
 
-						snprintf(fp, sizeof(fp), "%s/%s", path, dp);
+						snprintf(fp, sizeof(fp), "%s/%.*s", path, dp_len, de->d_name);
 						cfgerr |= ssl_sock_load_multi_cert(fp, bind_conf, NULL, NULL, 0, err);
-
 						/* Successfully processed the bundle */
 						goto ignore_entry;
 					}