From 71751855df3af991155f09fe0349b36d89b560d1 Mon Sep 17 00:00:00 2001
From: Octavian Guzu
Date: Mon, 3 Jul 2023 04:41:02 -0700
Subject: [PATCH] Set null-terminator after strncpy
Summary: When the length of `pkcs12.second.c_str()` is equal to `length`, strncpy won't write a null-terminator at the end of the destination string, making the destination unsafe to read and potentially cause an overflow.
Reviewed By: lblasa
Differential Revision: D46934320
fbshipit-source-id: 5e7acd49523b80105bcc47471facd9ff23b8a2b8
---
 iOS/FlipperKit/FlipperWebSocket.mm | 1 +
 1 file changed, 1 insertion(+)
diff --git a/iOS/FlipperKit/FlipperWebSocket.mm b/iOS/FlipperKit/FlipperWebSocket.mm
index e2700e182..53529b882 100644
--- a/iOS/FlipperKit/FlipperWebSocket.mm
+++ b/iOS/FlipperKit/FlipperWebSocket.mm
@@ -92,6 +92,7 @@ void FlipperWebSocket::connect(FlipperConnectionManager* manager) {
 return std::string("");
 }
 strncpy(password, pkcs12.second.c_str(), length);
+ password[length - 1] = '\0';
 return pkcs12.first;
 };
 }
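Review bot: The added `password[length - 1] = '\0';` writes one element before the buffer when `length` is 0, and nothing in the visible lines rules that value out. A password that does not fit is also silently truncated while the callback still returns `pkcs12.first`, so the mismatch would only surface later as a failed PKCS#12 unlock rather than at the point of the copy. A guard ahead of the `strncpy`, such as `if (length == 0 || pkcs12.second.size() >= length) { return std::string(""); }`, would cover both cases, assuming the empty-string return in the context above is this callback's failure path. The lambda begins outside the hunk, so the type of `length` and any earlier check on it should be confirmed against the full function.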