author | Pauli <paul.dale@oracle.com> | 2017-07-06 10:37:10 +1000 |
---|---|---|
committer | Pauli <paul.dale@oracle.com> | 2017-07-06 10:37:10 +1000 |
commit | eee9552212ecc9e19bc09ea8a1b8428dc7394f45 (patch) | |
tree | 210a3fe7883637f3399cf661dadf89ff5d7b9b9e /apps/pkcs12.c | |
parent | 67fdc99827916a397c23491edd97f2a5d374533a (diff) |
Bounds check string functions in apps.
This includes strcat, strcpy and sprintf.
In the x509 app, the code has been cleaned up as well.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3868)
Diffstat (limited to 'apps/pkcs12.c')
-rw-r--r-- | apps/pkcs12.c | 8 |
1 files changed, 5 insertions, 3 deletions
diff --git a/apps/pkcs12.c b/apps/pkcs12.c
index 82d2bb972e..2ec8fdc856 100644
--- a/apps/pkcs12.c
+++ b/apps/pkcs12.c
@@ -27,6 +27,8 @@ NON_EMPTY_TRANSLATION_UNIT
 # define CLCERTS 0x8
 # define CACERTS 0x10
+#define PASSWD_BUF_SIZE 2048
+
 static int get_cert_chain(X509 *cert, X509_STORE *store, STACK_OF(X509) **chain);
 int dump_certs_keys_p12(BIO *out, const PKCS12 *p12,
@@ -119,7 +121,7 @@ int pkcs12_main(int argc, char **argv)
 {
 char *infile = NULL, *outfile = NULL, *keyname = NULL, *certfile = NULL;
 char *name = NULL, *csp_name = NULL;
- char pass[2048] = "", macpass[2048] = "";
+ char pass[PASSWD_BUF_SIZE] = "", macpass[PASSWD_BUF_SIZE] = "";
 int export_cert = 0, options = 0, chain = 0, twopass = 0, keytype = 0;
 int iter = PKCS12_DEFAULT_ITER, maciter = PKCS12_DEFAULT_ITER;
 # ifndef OPENSSL_NO_RC2
@@ -455,7 +457,7 @@ int pkcs12_main(int argc, char **argv)
 }
 if (!twopass)
- strcpy(macpass, pass);
+ OPENSSL_strlcpy(macpass, pass, sizeof(macpass));
 p12 = PKCS12_create(cpass, name, key, ucert, certs, key_pbe, cert_pbe, iter, -1, keytype);
@@ -583,7 +585,7 @@ int pkcs12_main(int argc, char **argv)
 OPENSSL_free(badpass);
 OPENSSL_free(passin);
 OPENSSL_free(passout);
- return (ret);
+ return ret;
 }
 int dump_certs_keys_p12(BIO *out, const PKCS12 *p12, const char *pass, |
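Review bot: The new `#define PASSWD_BUF_SIZE 2048` is written without the space after `#` that the neighbouring directives in this hunk use (`# define CLCERTS`, `# define CACERTS`). That spacing suggests the file indents directives nested inside a conditional block, in which case `# define PASSWD_BUF_SIZE 2048` would match. A one-line comment such as `/* size of the stack buffers that hold the export and MAC passwords */` would also say why the value matters, since a later hunk sizes `pass` and `macpass` with it.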
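Review bot: The result of `OPENSSL_strlcpy(macpass, pass, sizeof(macpass))` is discarded, so a truncated copy would go unnoticed and the file would be MACed under a different password than the one the user entered. Both arrays are declared with `PASSWD_BUF_SIZE` in the earlier hunk, so the copy cannot truncate today, but nothing ties the two sizes together for future edits. Testing `if (OPENSSL_strlcpy(macpass, pass, sizeof(macpass)) >= sizeof(macpass))` and taking the function's existing error path would make that explicit. Separately, the copy leaves a second cleartext password on the stack, and the cleanup lines visible in the last hunk free `passin` and `passout` without wiping `pass` or `macpass`. If no wipe happens outside the visible lines, `OPENSSL_cleanse(pass, sizeof(pass));` and the same for `macpass` before `return ret;` would cover it. The body of `pkcs12_main` starts and ends outside this hunk.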