rgw/rgw_common.cc: fix char array '\0' termination

Fix for:

CID 1297863 (#1 of 1): Out-of-bounds access (OVERRUN)
 overrun-buffer-arg: Overrunning array secret_key_buf of 41 bytes
  by passing it to a function which accesses it at byte offset 41
  using argument key_buf_size (which evaluates to 41).
CID 1297865 (#1 of 1): Out-of-bounds access (OVERRUN)
 overrun-buffer-arg: Overrunning array secret_key_buf of 41
  bytes by passing it to a function which accesses it at byte
  offset 41 using argument 41.

 gen_rand_base64():
  index_parm: Pointer dest is directly accessed by indexing it
  with size.

Signed-off-by: Danny Al-Gaaf <danny.al-gaaf@bisect.de>

diff --git a/src/rgw/rgw_common.cc b/src/rgw/rgw_common.cc
index bfe97c28ed2fc5d6b6e46d88be9b0ce70f41729f..374e1eabd6d0755fbf9d3d76b2555194b758591b 100644 (file)
--- a/src/rgw/rgw_common.cc
+++ b/src/rgw/rgw_common.cc
@@ -456,7 +456,7 @@ int gen_rand_base64(CephContext *cct, char *dest, int size) /* size should be th
   }
   tmp_dest[ret] = '\0';
   memcpy(dest, tmp_dest, size);
-  dest[size] = '\0';
+  dest[size-1] = '\0';
 
   return 0;
 }