diff options
| author | Rich Salz <rsalz@akamai.com> | 2020-11-28 16:12:58 -0500 |
|---|---|---|
| committer | Tomas Mraz <tmraz@fedoraproject.org> | 2020-12-15 11:47:17 +0100 |
| commit | 021410ea3fc3876538830839d16b67e610d12785 (patch) | |
| tree | 7178c87097f1083bc285a77f8ec179ceba343464 | |
| parent | c678f68a19638c1e2bbfee6a7a1d8d728976ce66 (diff) | |
Check non-option arguments
Make sure all commands check to see if there are any "extra" arguments
after the options, and print an error if so.
Made all error messages consistent (which is to say, minimal).
Fixes: #13527
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13563)
53 files changed, 188 insertions, 106 deletions
diff --git a/apps/asn1pars.c b/apps/asn1pars.c index ae47aa8efc..798e8d1668 100644 --- a/apps/asn1pars.c +++ b/apps/asn1pars.c @@ -157,6 +157,8 @@ int asn1parse_main(int argc, char **argv) break; } } + + /* No extra args. */ argc = opt_num_rest(); if (argc != 0) goto opthelp; @@ -488,7 +488,9 @@ opthelp: break; } } + end_of_options: + /* Remaining args are files to certify. */ argc = opt_num_rest(); argv = opt_rest(); diff --git a/apps/ciphers.c b/apps/ciphers.c index 500b416046..3afbbe5002 100644 --- a/apps/ciphers.c +++ b/apps/ciphers.c @@ -176,11 +176,12 @@ int ciphers_main(int argc, char **argv) break; } } + + /* Optional arg is cipher name. */ argv = opt_rest(); argc = opt_num_rest(); - if (argc == 1) - ciphers = *argv; + ciphers = argv[0]; else if (argc != 0) goto opthelp; diff --git a/apps/cmp.c b/apps/cmp.c index d57c67c644..b830b6a3c5 100644 --- a/apps/cmp.c +++ b/apps/cmp.c @@ -2289,7 +2289,9 @@ static int get_opts(int argc, char **argv) switch (o) { case OPT_EOF: case OPT_ERR: - goto opt_err; + opthelp: + BIO_printf(bio_err, "%s: Use -help for summary.\n", prog); + return 0; case OPT_HELP: opt_help(cmp_options); return -1; @@ -2311,11 +2313,11 @@ static int get_opts(int argc, char **argv) break; case OPT_MSG_TIMEOUT: if ((opt_msg_timeout = opt_nat()) < 0) - goto opt_err; + goto opthelp; break; case OPT_TOTAL_TIMEOUT: if ((opt_total_timeout = opt_nat()) < 0) - goto opt_err; + goto opthelp; break; case OPT_TLS_USED: opt_tls_used = 1; @@ -2399,7 +2401,7 @@ static int get_opts(int argc, char **argv) case OPT_V_CASES: if (!opt_verify(o, vpm)) - goto opt_err; + goto opthelp; break; case OPT_CMD: opt_cmd_s = opt_str("cmd"); @@ -2425,7 +2427,7 @@ static int get_opts(int argc, char **argv) break; case OPT_DAYS: if ((opt_days = opt_nat()) < 0) - goto opt_err; + goto opthelp; break; case OPT_REQEXTS: opt_reqexts = opt_str("reqexts"); @@ -2450,7 +2452,7 @@ static int get_opts(int argc, char **argv) || opt_popo < OSSL_CRMF_POPO_NONE || opt_popo > OSSL_CRMF_POPO_KEYENC) { CMP_err("invalid popo spec. Valid values are -1 .. 2"); - goto opt_err; + goto opthelp; } break; case OPT_CSR: @@ -2480,7 +2482,7 @@ static int get_opts(int argc, char **argv) || opt_revreason > CRL_REASON_AA_COMPROMISE || opt_revreason == 7) { CMP_err("invalid revreason. Valid values are -1 .. 6, 8 .. 10"); - goto opt_err; + goto opthelp; } break; case OPT_CERTFORM: @@ -2499,7 +2501,7 @@ static int get_opts(int argc, char **argv) #endif case OPT_PROV_CASES: if (!opt_provider(o)) - goto opt_err; + goto opthelp; break; case OPT_BATCH: @@ -2531,7 +2533,7 @@ static int get_opts(int argc, char **argv) break; case OPT_MAX_MSGS: if ((opt_max_msgs = opt_nat()) < 0) - goto opt_err; + goto opthelp; break; case OPT_SRV_REF: opt_srv_ref = opt_str("srv_ref"); @@ -2604,17 +2606,13 @@ static int get_opts(int argc, char **argv) break; } } + + /* No extra args. */ argc = opt_num_rest(); argv = opt_rest(); - if (argc != 0) { - CMP_err1("unknown parameter %s", argv[0]); - goto opt_err; - } + if (argc != 0) + goto opthelp; return 1; - - opt_err: - CMP_err1("use -help for summary of '%s' options", prog); - return 0; } int cmp_main(int argc, char **argv) diff --git a/apps/cms.c b/apps/cms.c index f9adc9a52c..e8254cb85c 100644 --- a/apps/cms.c +++ b/apps/cms.c @@ -699,6 +699,8 @@ int cms_main(int argc, char **argv) break; } } + + /* Remaining args are files to process. */ argc = opt_num_rest(); argv = opt_rest(); diff --git a/apps/crl.c b/apps/crl.c index 680c0ee128..0daded01e3 100644 --- a/apps/crl.c +++ b/apps/crl.c @@ -201,6 +201,8 @@ int crl_main(int argc, char **argv) break; } } + + /* No remaining args. */ argc = opt_num_rest(); if (argc != 0) goto opthelp; diff --git a/apps/crl2p7.c b/apps/crl2p7.c index 9137f87239..577d80fa49 100644 --- a/apps/crl2p7.c +++ b/apps/crl2p7.c @@ -102,6 +102,8 @@ int crl2pkcs7_main(int argc, char **argv) break; } } + + /* No remaining args. */ argc = opt_num_rest(); if (argc != 0) goto opthelp; diff --git a/apps/dgst.c b/apps/dgst.c index 4adf9cd9b4..7110a97cf4 100644 --- a/apps/dgst.c +++ b/apps/dgst.c @@ -220,6 +220,8 @@ int dgst_main(int argc, char **argv) break; } } + + /* Remaining args are files to digest. */ argc = opt_num_rest(); argv = opt_rest(); if (keyfile != NULL && argc > 1) { diff --git a/apps/dhparam.c b/apps/dhparam.c index ecb4e17db1..a69dfd3810 100644 --- a/apps/dhparam.c +++ b/apps/dhparam.c @@ -146,11 +146,17 @@ int dhparam_main(int argc, char **argv) break; } } + + /* One optional argument, bitsize to generate. */ argc = opt_num_rest(); argv = opt_rest(); + if (argc == 1) { + if (!opt_int(argv[0], &num) || num <= 0) + goto opthelp; + } else if (argc != 0) { + goto opthelp; + } - if (argv[0] != NULL && (!opt_int(argv[0], &num) || num <= 0)) - goto end; if (g && !num) num = DEFBITS; diff --git a/apps/dsa.c b/apps/dsa.c index 75a0504548..2deda0a32c 100644 --- a/apps/dsa.c +++ b/apps/dsa.c @@ -150,6 +150,8 @@ int dsa_main(int argc, char **argv) break; } } + + /* No extra args. */ argc = opt_num_rest(); if (argc != 0) goto opthelp; diff --git a/apps/dsaparam.c b/apps/dsaparam.c index 8bbd65700d..f09318f54b 100644 --- a/apps/dsaparam.c +++ b/apps/dsaparam.c @@ -125,15 +125,19 @@ int dsaparam_main(int argc, char **argv) break; } } + + /* Optional arg is bitsize. */ argc = opt_num_rest(); argv = opt_rest(); - if (argc == 1) { if (!opt_int(argv[0], &num) || num < 0) - goto end; - /* generate a key */ - numbits = num; + goto opthelp; + } else if (argc != 0) { + goto opthelp; } + + /* generate a key */ + numbits = num; private = genkey ? 1 : 0; out = bio_open_owner(outfile, outformat, private); @@ -166,6 +166,8 @@ int ec_main(int argc, char **argv) break; } } + + /* No extra arguments. */ argc = opt_num_rest(); if (argc != 0) goto opthelp; diff --git a/apps/ecparam.c b/apps/ecparam.c index 3e20be24b2..06f017a548 100644 --- a/apps/ecparam.c +++ b/apps/ecparam.c @@ -172,6 +172,8 @@ int ecparam_main(int argc, char **argv) break; } } + + /* No extra args. */ argc = opt_num_rest(); if (argc != 0) goto opthelp; diff --git a/apps/enc.c b/apps/enc.c index 0f4cdae3c2..f97621b1a6 100644 --- a/apps/enc.c +++ b/apps/enc.c @@ -295,10 +295,11 @@ int enc_main(int argc, char **argv) break; } } - if (opt_num_rest() != 0) { - BIO_printf(bio_err, "Extra arguments given.\n"); + + /* No extra arguments. */ + argc = opt_num_rest(); + if (argc != 0) goto opthelp; - } if (cipher && EVP_CIPHER_flags(cipher) & EVP_CIPH_FLAG_AEAD_CIPHER) { BIO_printf(bio_err, "%s: AEAD ciphers not supported\n", prog); diff --git a/apps/engine.c b/apps/engine.c index 393008d5ce..b494a79447 100644 --- a/apps/engine.c +++ b/apps/engine.c @@ -360,7 +360,7 @@ int engine_main(int argc, char **argv) } } - /* Allow any trailing parameters as engine names. */ + /* Any remaining arguments are engine names. */ argc = opt_num_rest(); argv = opt_rest(); for ( ; *argv; argv++) { diff --git a/apps/errstr.c b/apps/errstr.c index 9e97698be3..782705a78a 100644 --- a/apps/errstr.c +++ b/apps/errstr.c @@ -52,16 +52,19 @@ int errstr_main(int argc, char **argv) } } + /* + * We're not really an SSL application so this won't auto-init, but + * we're still interested in SSL error strings + */ + OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS + | OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL); + + /* All remaining arg are error code. */ ret = 0; - for (argv = opt_rest(); *argv; argv++) { + for (argv = opt_rest(); *argv != NULL; argv++) { if (sscanf(*argv, "%lx", &l) == 0) { ret++; } else { - /* We're not really an SSL application so this won't auto-init, but - * we're still interested in SSL error strings - */ - OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS - | OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL); ERR_error_string_n(l, buf, sizeof(buf)); BIO_printf(bio_out, "%s\n", buf); } diff --git a/apps/fipsinstall.c b/apps/fipsinstall.c index d1cda24941..4a1b89d92c 100644 --- a/apps/fipsinstall.c +++ b/apps/fipsinstall.c @@ -373,7 +373,11 @@ opthelp: break; } } + + /* No extra arguments. */ argc = opt_num_rest(); + if (argc != 0) + goto opthelp; if (parent_config != NULL) { /* Test that a parent config can load the module */ @@ -386,9 +390,8 @@ opthelp: goto end; } if (module_fname == NULL - || (verify && in_fname == NULL) - || (!verify && out_fname == NULL) - || argc != 0) + || (verify && in_fname == NULL) + || (!verify && out_fname == NULL)) goto opthelp; tail = opt_path_end(module_fname); diff --git a/apps/gendsa.c b/apps/gendsa.c index f2afa1134a..d525f7093b 100644 --- a/apps/gendsa.c +++ b/apps/gendsa.c @@ -102,13 +102,15 @@ int gendsa_main(int argc, char **argv) break; } } + + /* One argument, the params file. */ argc = opt_num_rest(); argv = opt_rest(); - private = 1; - if (argc != 1) goto opthelp; - dsaparams = *argv; + + dsaparams = argv[0]; + private = 1; if (!app_passwd(NULL, passoutarg, NULL, &passout)) { BIO_printf(bio_err, "Error getting password\n"); diff --git a/apps/genpkey.c b/apps/genpkey.c index d6ab0e6b17..523ec1da8f 100644 --- a/apps/genpkey.c +++ b/apps/genpkey.c @@ -153,6 +153,8 @@ int genpkey_main(int argc, char **argv) break; } } + + /* No extra arguments. */ argc = opt_num_rest(); if (argc != 0) goto opthelp; diff --git a/apps/genrsa.c b/apps/genrsa.c index 32f088238d..2cc1abfbe5 100644 --- a/apps/genrsa.c +++ b/apps/genrsa.c @@ -146,6 +146,8 @@ opthelp: break; } } + + /* One optional argument, the bitsize. */ argc = opt_num_rest(); argv = opt_rest(); diff --git a/apps/info.c b/apps/info.c index ae6e34c9bc..5099853494 100644 --- a/apps/info.c +++ b/apps/info.c @@ -86,10 +86,8 @@ opthelp: break; } } - if (opt_num_rest() != 0) { - BIO_printf(bio_err, "%s: Extra parameters given.\n", prog); + if (opt_num_rest() != 0) goto opthelp; - } if (dirty > 1) { BIO_printf(bio_err, "%s: Only one item allowed\n", prog); goto opthelp; diff --git a/apps/kdf.c b/apps/kdf.c index ba14cfdc76..4bbb88a5ae 100644 --- a/apps/kdf.c +++ b/apps/kdf.c @@ -89,13 +89,12 @@ opthelp: break; } } + + /* One argument, the KDF name. */ argc = opt_num_rest(); argv = opt_rest(); - - if (argc != 1) { - BIO_printf(bio_err, "Invalid number of extra arguments\n"); + if (argc != 1) goto opthelp; - } if ((kdf = EVP_KDF_fetch(NULL, argv[0], NULL)) == NULL) { BIO_printf(bio_err, "Invalid KDF name %s\n", argv[0]); diff --git a/apps/list.c b/apps/list.c index df25e00363..986a288757 100644 --- a/apps/list.c +++ b/apps/list.c @@ -1529,10 +1529,10 @@ opthelp: } done = 1; } - if (opt_num_rest() != 0) { - BIO_printf(bio_err, "Extra arguments given.\n"); + + /* No extra arguments. */ + if (opt_num_rest() != 0) goto opthelp; - } if (todo.commands) list_type(FT_general, one); diff --git a/apps/mac.c b/apps/mac.c index e751dcf0b1..ea75b33623 100644 --- a/apps/mac.c +++ b/apps/mac.c @@ -98,13 +98,12 @@ opthelp: break; } } + + /* One argument, the MAC name. */ argc = opt_num_rest(); argv = opt_rest(); - - if (argc != 1) { - BIO_printf(bio_err, "Invalid number of extra arguments\n"); + if (argc != 1) goto opthelp; - } mac = EVP_MAC_fetch(NULL, argv[0], NULL); if (mac == NULL) { diff --git a/apps/nseq.c b/apps/nseq.c index 92ae7bd34d..706ca58f65 100644 --- a/apps/nseq.c +++ b/apps/nseq.c @@ -71,6 +71,8 @@ int nseq_main(int argc, char **argv) break; } } + + /* No extra arguments. */ argc = opt_num_rest(); if (argc != 0) goto opthelp; diff --git a/apps/ocsp.c b/apps/ocsp.c index 174f237340..982423d1ef 100644 --- a/apps/ocsp.c +++ b/apps/ocsp.c @@ -514,14 +514,17 @@ int ocsp_main(int argc, char **argv) break; } } + + /* No extra arguments. */ + argc = opt_num_rest(); + if (argc != 0) + goto opthelp; + if (trailing_md) { BIO_printf(bio_err, "%s: Digest must be before -cert or -serial\n", prog); goto opthelp; } - argc = opt_num_rest(); - if (argc != 0) - goto opthelp; /* Have we anything to do? */ if (req == NULL && reqin == NULL diff --git a/apps/openssl.c b/apps/openssl.c index 9d697a8836..e6746087ad 100644 --- a/apps/openssl.c +++ b/apps/openssl.c @@ -347,6 +347,7 @@ int help_main(int argc, char **argv) } } + /* One optional argument, the command to get help for. */ if (opt_num_rest() == 1) { new_argv[0] = opt_rest()[0]; new_argv[1] = "--help"; diff --git a/apps/passwd.c b/apps/passwd.c index 5bf031566a..c39254460d 100644 --- a/apps/passwd.c +++ b/apps/passwd.c @@ -184,9 +184,10 @@ int passwd_main(int argc, char **argv) break; } } + + /* All remaining arguments are the password text */ argc = opt_num_rest(); argv = opt_rest(); - if (*argv != NULL) { if (pw_source_defined) goto opthelp; diff --git a/apps/pkcs12.c b/apps/pkcs12.c index 5c05fddf99..60e12cf932 100644 --- a/apps/pkcs12.c +++ b/apps/pkcs12.c @@ -335,7 +335,11 @@ int pkcs12_main(int argc, char **argv) break; } } + + /* No extra arguments. */ argc = opt_num_rest(); + if (argc != 0) + goto opthelp; if (export_pkcs12) { if ((options & INFO) != 0) @@ -421,8 +425,6 @@ int pkcs12_main(int argc, char **argv) enc = EVP_des_ede3_cbc(); } - if (argc != 0) - goto opthelp; private = 1; diff --git a/apps/pkcs7.c b/apps/pkcs7.c index f09994df6d..efc58b10c9 100644 --- a/apps/pkcs7.c +++ b/apps/pkcs7.c @@ -110,6 +110,8 @@ int pkcs7_main(int argc, char **argv) break; } } + + /* No extra arguments. */ argc = opt_num_rest(); if (argc != 0) goto opthelp; diff --git a/apps/pkcs8.c b/apps/pkcs8.c index 37f20b34c5..ae0824c6d2 100644 --- a/apps/pkcs8.c +++ b/apps/pkcs8.c @@ -193,6 +193,8 @@ int pkcs8_main(int argc, char **argv) #endif } } + + /* No extra arguments. */ argc = opt_num_rest(); |