Increase internal security when using strncpy, by making sure the resulting string is NUL-terminated

2002-02-28 12:42:19 +00:00 · 2002-02-28 12:42:19 +00:00 · 26414ee013
commit 26414ee013
parent 5c62f68e14
6 changed files with 18 additions and 4 deletions
--- a/5
+++ b/5
@ -1,6 +1,6 @@
  OpenSSL STATUS                           Last modified at
-  ______________                           $Date: 2002/02/21 17:23:04 $
+  ______________                           $Date: 2002/02/28 12:42:00 $
  DEVELOPMENT STATE
@ -63,9 +63,6 @@
    o  apps/ca.c: "Sign the certificate?" - "n" creates empty certificate file
    o  Whenever strncpy is used, make sure the resulting string is NULL-terminated
       or an error is reported
    o  "OpenSSL STATUS" is never up-to-date.
  OPEN ISSUES
--- a/apps/ca.c
+++ b/apps/ca.c
@ -571,6 +571,7 @@ bad:
 #else
 		strncpy(buf[0],X509_get_default_cert_area(),
 			sizeof(buf[0])-2-sizeof(CONFIG_FILE));
 		buf[0][sizeof(buf[0])-2-sizeof(CONFIG_FILE)]='\0';
 		strcat(buf[0],"/");
 #endif
 		strcat(buf[0],CONFIG_FILE);
@ -1277,6 +1278,7 @@ bad:
 			BIO_printf(bio_err,"Write out database with %d new entries\n",sk_X509_num(cert_sk));
 			strncpy(buf[0],serialfile,BSIZE-4);
 			buf[0][BSIZE-4]='\0';
 #ifdef OPENSSL_SYS_VMS
 			strcat(buf[0],"-new");
@ -1287,6 +1289,7 @@ bad:
 			if (!save_serial(buf[0],serial)) goto err;
 			strncpy(buf[1],dbfile,BSIZE-4);
 			buf[1][BSIZE-4]='\0';
 #ifdef OPENSSL_SYS_VMS
 			strcat(buf[1],"-new");
@ -1317,6 +1320,7 @@ bad:
 			p=(char *)x->cert_info->serialNumber->data;
 			strncpy(buf[2],outdir,BSIZE-(j*2)-6);
 			buf[2][BSIZE-(j*2)-6]='\0';
 #ifndef OPENSSL_SYS_VMS
 			strcat(buf[2],"/");
@ -1354,6 +1358,7 @@ bad:
 			{
 			/* Rename the database and the serial file */
 			strncpy(buf[2],serialfile,BSIZE-4);
 			buf[2][BSIZE-4]='\0';
 #ifdef OPENSSL_SYS_VMS
 			strcat(buf[2],"-old");
@ -1382,6 +1387,7 @@ bad:
 				}
 			strncpy(buf[2],dbfile,BSIZE-4);
 			buf[2][BSIZE-4]='\0';
 #ifdef OPENSSL_SYS_VMS
 			strcat(buf[2],"-old");
@ -1554,6 +1560,7 @@ bad:
 			X509_free(revcert);
 			strncpy(buf[0],dbfile,BSIZE-4);
 			buf[0][BSIZE-4]='\0';
 #ifndef OPENSSL_SYS_VMS
 			strcat(buf[0],".new");
 #else
@ -1568,6 +1575,7 @@ bad:
 			j=TXT_DB_write(out,db);
 			if (j <= 0) goto err;
 			strncpy(buf[1],dbfile,BSIZE-4);
 			buf[1][BSIZE-4]='\0';
 #ifndef OPENSSL_SYS_VMS
 			strcat(buf[1],".old");
 #else
--- a/crypto/des/des.c
+++ b/crypto/des/des.c
@ -153,12 +153,14 @@ int main(int argc, char **argv)
 				case 'c':
 					cflag=1;
 					strncpy(cksumname,p,200);
 					cksumname[sizeof(cksumname)-1]='\0';
 					p+=strlen(cksumname);
 					break;
 				case 'C':
 					cflag=1;
 					longk=1;
 					strncpy(cksumname,p,200);
 					cksumname[sizeof(cksumname)-1]='\0';
 					p+=strlen(cksumname);
 					break;
 				case 'e':
@ -190,6 +192,7 @@ int main(int argc, char **argv)
 				case 'u':
 					uflag=1;
 					strncpy(uuname,p,200);
 					uuname[sizeof(uuname)-1]='\0';
 					p+=strlen(uuname);
 					break;
 				case 'h':
--- a/crypto/evp/evp_key.c
+++ b/crypto/evp/evp_key.c
@ -71,7 +71,10 @@ void EVP_set_pw_prompt(char *prompt)
 	if (prompt == NULL)
 		prompt_string[0]='\0';
 	else
 		{
 		strncpy(prompt_string,prompt,79);
 		prompt_string[79]='\0';
 		}
 	}
 char *EVP_get_pw_prompt(void)
--- a/crypto/x509/x509_obj.c
+++ b/crypto/x509/x509_obj.c
@ -94,6 +94,7 @@ int i;
 		OPENSSL_free(b);
 		}
 	    strncpy(buf,"NO X509_NAME",len);
 	    buf[len-1]='\0';
 	    return buf;
 	    }
--- a/ssl/kssl.c
+++ b/ssl/kssl.c
@ -1597,10 +1597,12 @@ kssl_ctx_setprinc(KSSL_CTX *kssl_ctx, int which,
 	else
                {
 		strncpy(*princ, entity->data, entity->length);
 		(*princ)[entity->length]='\0';
 		if (realm)
                        {
 			strcat (*princ, "@");
 			(void) strncat(*princ, realm->data, realm->length);
 			(*princ)[entity->length+1+realm->length]='\0';
 			}
 		}