generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Use correct length when prompting for password.

Browse Source 
Use bufsiz - 1 not BUFSIZ - 1 when prompting for a password in
the openssl utility.

Thanks to Rob Mackinnon, Leviathan Security for reporting this issue.
(cherry picked from commit 7ba08a4d73c1bdfd3aced09a628b1d7d7747cdca)
This commit is contained in:
Dr. Stephen Henson 2014-04-04 12:44:43 +01:00
parent 4a15b7c625
commit f16fede1cd
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
apps/apps.c
View File

@ -586,12 +586,12 @@ int password_callback(char *buf, int bufsiz, int verify,
if (ok >= 0) if (ok >= 0)
ok = UI_add_input_string(ui,prompt,ui_flags,buf, ok = UI_add_input_string(ui,prompt,ui_flags,buf,
PW_MIN_LENGTH,BUFSIZ-1); PW_MIN_LENGTH,bufsiz-1);
if (ok >= 0 && verify) if (ok >= 0 && verify)
{ {
buff = (char *)OPENSSL_malloc(bufsiz); buff = (char *)OPENSSL_malloc(bufsiz);
ok = UI_add_verify_string(ui,prompt,ui_flags,buff, ok = UI_add_verify_string(ui,prompt,ui_flags,buff,
PW_MIN_LENGTH,BUFSIZ-1, buf); PW_MIN_LENGTH,bufsiz-1, buf);
} }
if (ok >= 0) if (ok >= 0)
do do