Buffer Overflow Vulnerability in WebSocket Handling
High
C
curl
Reported by
hackers_
Vulnerability Details
Technical details and impact analysis
## Summary:
Hello security team,
Hope you are doing well :)
I would like to report a potential security vulnerability in the WebSocket handling code of the curl library. The issue is related to the usage of the `strcpy` function, which can lead to a buffer overflow if the length of the input is not properly checked. The vulnerable code snippet is located at [this link](https://github.com/curl/curl/blob/e251e858b941e29bb95a6c0d26bb45981a872585/lib/ws.c#L581).
## Steps To Reproduce:
1. Trigger the WebSocket functionality with a crafted request.
2. Provide a base64-encoded nonce value that exceeds the buffer size.
3. Observe that the `strcpy` function is used without proper bounds checking.
## Fix:
To address this issue, it is recommended to replace the `strcpy` function with the safer alternative `strncpy` and explicitly specify the maximum length to copy. Here's an example fix:
```c
strncpy(keyval, randstr, sizeof(keyval) - 1);
keyval[sizeof(keyval) - 1] = '\0'; // Null-terminate the string
```
This modification ensures that only a specified number of characters (up to the buffer size minus 1) are copied, preventing buffer overflow.
## Reference:
https://cwe.mitre.org/data/definitions/122.html
## Impact
This vulnerability may allow an attacker to execute arbitrary code, potentially leading to a compromise of the application or system. An attacker could exploit this weakness by providing a specially crafted WebSocket request, causing a buffer overflow and overwriting adjacent memory.
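Added example, not part of the report and not curl's code: it shows the difference between the fix the report proposes (`strncpy` plus an explicit terminator, which cannot overflow but silently truncates) and a length-checked copy that rejects input that does not fit. The destination size `KEYVAL_SIZE`, the function names and the 63-byte over-long input are constructed for this example; the 24-character nonce is the Sec-WebSocket-Key example from RFC 6455. Nothing here asserts anything about what `lib/ws.c` actually does.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

/* Constructed destination size for the demo; it stands in for a fixed-size
 * buffer like the keyval array named in the report and is NOT curl's size. */
#define KEYVAL_SIZE 40

enum copy_result { COPY_OK = 0, COPY_TOO_LONG = 1, COPY_BAD_ARGS = 2 };

/* Length of src, scanning at most limit bytes so an unterminated or
 * over-long source is never read past the limit. */
static size_t bounded_len(const char *src, size_t limit)
{
  size_t n = 0;
  while(n < limit && src[n] != '\0')
    n++;
  return n;
}

/* Hardened form: copy only if src plus its terminator fits in dst, else
 * reject. For a handshake nonce this is the useful failure mode: a
 * truncated key is as broken as an overflowed one, just quieter. */
static enum copy_result copy_bounded(char *dst, size_t dstsz, const char *src)
{
  size_t len;
  if(!dst || !src || dstsz == 0)
    return COPY_BAD_ARGS;
  len = bounded_len(src, dstsz);
  if(len >= dstsz)            /* no room left for the NUL terminator */
    return COPY_TOO_LONG;
  memcpy(dst, src, len + 1);  /* copies the terminator too */
  return COPY_OK;
}

/* The report's proposed fix: strncpy plus an explicit terminator. It cannot
 * write past dst, but over-long input is silently cut to dstsz - 1 bytes. */
static void copy_truncating(char *dst, size_t dstsz, const char *src)
{
  strncpy(dst, src, dstsz - 1);
  dst[dstsz - 1] = '\0';
}

/* Run one source string through both variants: returns the checked copy's
 * verdict and reports how many bytes the truncating variant kept. */
static enum copy_result demo(const char *src, size_t *kept_by_strncpy)
{
  char keyval[KEYVAL_SIZE];
  enum copy_result r = copy_bounded(keyval, sizeof(keyval), src);
  copy_truncating(keyval, sizeof(keyval), src);
  *kept_by_strncpy = strlen(keyval);
  return r;
}

int main(void)
{
  /* 24-char base64 nonce: the Sec-WebSocket-Key example from RFC 6455. */
  const char *nonce = "dGhlIHNhbXBsZSBub25jZQ==";
  /* Constructed over-long input: 63 'A's, longer than KEYVAL_SIZE. */
  char big[64];
  size_t kept;
  enum copy_result r;

  memset(big, 'A', sizeof(big) - 1);
  big[sizeof(big) - 1] = '\0';

  r = demo(nonce, &kept);
  printf("nonce:    checked copy=%d, strncpy kept %zu bytes\n", r, kept);
  r = demo(big, &kept);
  printf("too long: checked copy=%d, strncpy kept %zu bytes\n", r, kept);
  return 0;
}
```

With a 40-byte destination the 24-character nonce passes both variants unchanged, while the 63-byte input is rejected by `copy_bounded` and cut to 39 bytes by `copy_truncating`; the second outcome never corrupts memory, but a caller that does not notice the truncation goes on with a wrong value, which is why a length check before the copy is the version to prefer for protocol fields.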
Report Details
Additional information and metadata
State
Closed
Substate
Not-Applicable
Weakness
Heap Overflow