author | Pauli <paul.dale@oracle.com> | 2017-07-06 10:37:10 +1000 |
---|---|---|
committer | Pauli <paul.dale@oracle.com> | 2017-07-06 10:37:10 +1000 |
commit | eee9552212ecc9e19bc09ea8a1b8428dc7394f45 (patch) | |
tree | 210a3fe7883637f3399cf661dadf89ff5d7b9b9e /apps/enc.c | |
parent | 67fdc99827916a397c23491edd97f2a5d374533a (diff) |
Bounds check string functions in apps.
This includes strcat, strcpy and sprintf.
In the x509 app, the code has been cleaned up as well.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3868)
Diffstat (limited to 'apps/enc.c')
-rw-r--r-- | apps/enc.c | 10 |
1 files changed, 5 insertions, 5 deletions
diff --git a/apps/enc.c b/apps/enc.c
index 338307330a..cc6fa0a1c3 100644
--- a/apps/enc.c
+++ b/apps/enc.c
@@ -312,7 +312,7 @@ int enc_main(int argc, char **argv)
 for (;;) {
 char prompt[200];
- sprintf(prompt, "enter %s %s password:",
+ BIO_snprintf(prompt, sizeof(prompt), "enter %s %s password:",
 OBJ_nid2ln(EVP_CIPHER_nid(cipher)),
 (enc) ? "encryption" : "decryption");
 strbuf[0] = '\0';
@@ -565,7 +565,7 @@ int enc_main(int argc, char **argv)
 #endif
 release_engine(e);
 OPENSSL_free(pass);
- return (ret);
+ return ret;
 }
 static void show_ciphers(const OBJ_NAME *name, void *arg)
@@ -599,7 +599,7 @@ static int set_hex(char *in, unsigned char *out, int size)
 n = strlen(in);
 if (n > (size * 2)) {
 BIO_printf(bio_err, "hex string is too long\n");
- return (0);
+ return 0;
 }
 memset(out, 0, size);
 for (i = 0; i < n; i++) {
@@ -609,7 +609,7 @@ static int set_hex(char *in, unsigned char *out, int size)
 break;
 if (!isxdigit(j)) {
 BIO_printf(bio_err, "non-hex digit\n");
- return (0);
+ return 0;
 }
 j = (unsigned char)OPENSSL_hexchar2int(j);
 if (i & 1)
@@ -617,5 +617,5 @@ static int set_hex(char *in, unsigned char *out, int size)
 else
 out[i / 2] = (j << 4);
 }
- return (1);
+ return 1;
 } |
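Review bot: The return value of `BIO_snprintf` in the password-prompt loop is dropped, so a prompt that does not fit in `prompt[200]` would be shown truncated with no indication. The bound itself is right: `sizeof(prompt)` is taken on the local array declared two lines above, not on a pointer. BIO_snprintf signals truncation by returning -1, and the only non-literal input visible here is the cipher long name from `OBJ_nid2ln`, so the effect should be limited to the prompt text; a comment such as `/* truncation only shortens the prompt; return value intentionally ignored */` above the call would record that decision. `enc_main` starts and ends outside this hunk.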
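Review bot: `set_hex` still accepts input shorter than `size * 2` hex digits without any message: only `n > (size * 2)` is rejected, and `memset(out, 0, size)` followed by the loop up to `n` leaves the remaining output bytes zero. If the callers (not visible in this hunk) pass key or IV material through this function, a short or mistyped value silently becomes a zero-padded one. A warning before the `memset` would surface that, for example `if (n < (size * 2)) BIO_printf(bio_err, "hex string is too short, padding with zero bytes\n");`. The declaration of `n` is outside the hunk; if it is an `int`, the assignment from `strlen(in)` also narrows a `size_t` and is worth a bound check on very long arguments. The function continues through the next two hunks, which change only the `return` style.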