author | Ben Laurie <ben@openssl.org> | 2002-11-13 15:43:43 +0000 |
---|---|---|
committer | Ben Laurie <ben@openssl.org> | 2002-11-13 15:43:43 +0000 |
commit | 54a656ef081f72a740c550ebd8099b40b8b5cde0 (patch) | |
tree | 9b3638b56848c7f0648b84cfa7ad056116b37a1b /apps/req.c | |
parent | 8f797f14b8ff7d3d5cb04443284259a0c94860b3 (diff) |
Security fixes brought forward from 0.9.7.
Diffstat (limited to 'apps/req.c')
-rw-r--r-- | apps/req.c | 36 |
1 files changed, 24 insertions, 12 deletions
diff --git a/apps/req.c b/apps/req.c index 6beeef07a3..980138f041 100644 --- a/apps/req.c +++ b/apps/req.c @@ -73,6 +73,7 @@ #include <openssl/x509v3.h> #include <openssl/objects.h> #include <openssl/pem.h> +#include "../crypto/cryptlib.h" #define SECTION "req" @@ -180,7 +181,7 @@ int MAIN(int argc, char **argv) const EVP_MD *md_alg=NULL,*digest=EVP_md5(); unsigned long chtype = MBSTRING_ASC; #ifndef MONOLITH - MS_STATIC char config_name[256]; + char *to_free; long errline; #endif @@ -527,14 +528,7 @@ bad: if (p == NULL) p=getenv("SSLEAY_CONF"); if (p == NULL) - { - strcpy(config_name,X509_get_default_cert_area()); -#ifndef OPENSSL_SYS_VMS - strcat(config_name,"/"); -#endif - strcat(config_name,OPENSSL_CONF); - p=config_name; - } + p=to_free=make_config_name(); default_config_file=p; config=NCONF_new(NULL); i=NCONF_load(config, p, &errline); @@ -1131,6 +1125,10 @@ loop: } ex=0; end: +#ifndef MONOLITH + if(to_free) + OPENSSL_free(to_free); +#endif if (ex) { ERR_print_errors(bio_err); @@ -1293,13 +1291,19 @@ start: for (;;) } /* If OBJ not recognised ignore it */ if ((nid=OBJ_txt2nid(type)) == NID_undef) goto start; + + if(strlen(v->name) > sizeof buf-9) + { + BIO_printf(bio_err,"Name '%s' too long\n",v->name); + return 0; + } + sprintf(buf,"%s_default",v->name); if ((def=NCONF_get_string(req_conf,dn_sect,buf)) == NULL) { ERR_clear_error(); def=""; } - sprintf(buf,"%s_value",v->name); if ((value=NCONF_get_string(req_conf,dn_sect,buf)) == NULL) { @@ -1346,6 +1350,12 @@ start2: for (;;) if ((nid=OBJ_txt2nid(type)) == NID_undef) goto start2; + if(strlen(v->name) > sizeof buf-9) + { + BIO_printf(bio_err,"Name '%s' too long\n",v->name); + return 0; + } + sprintf(buf,"%s_default",type); if ((def=NCONF_get_string(req_conf,attr_sect,buf)) == NULL) @@ -1449,6 +1459,7 @@ start: (void)BIO_flush(bio_err); if(value != NULL) { + OPENSSL_assert(strlen(value) < sizeof buf-2); strcpy(buf,value); strcat(buf,"\n"); BIO_printf(bio_err,"%s\n",value); 
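Review bot: `to_free` is declared without an initialiser in the `MAIN` hunk and is assigned only on the branch where both the earlier lookup and `getenv("SSLEAY_CONF")` left `p` NULL, yet the new cleanup at `end:` tests and frees it on every path. Unless it is set to NULL somewhere outside these hunks (the body of `MAIN` is not fully visible), a run that took `p` from the environment, or that reaches `end:` before the assignment, hands an indeterminate pointer to `OPENSSL_free`. Declaring it as `char *to_free=NULL;` removes the problem. The result of `make_config_name()` also goes straight into `NCONF_load` without a NULL check; its definition is not shown here, so confirm whether it can fail.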
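Review bot: In the `start2:` hunk the new length check tests `v->name`, but the `sprintf` that follows writes `type` into `buf`, so the guard is tied to the write only by whatever relation the code outside the hunk sets up between the two strings. Testing the string that is actually formatted, `if(strlen(type) > sizeof buf-9)`, or using a bounded call such as `BIO_snprintf(buf,sizeof buf,"%s_default",type)`, would make the bound evident at the point of use. In the `start:` hunk the constant 9 stands for the length of `"_default"` plus the terminator and also has to cover the later `"%s_value"` write; a short comment saying so, `/* 9 = strlen("_default") + 1; also covers "_value" */`, would keep that from being broken by a later suffix change. `sizeof buf` is the buffer size only if `buf` is an array in these functions, and their declarations are outside the hunks.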
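Review bot: `OPENSSL_assert(strlen(value) < sizeof buf-2)` in the hunk at -1449 uses an assertion to validate `value`, which appears to be read from the request configuration, so an over-long entry aborts the program instead of being reported as an error; the hunk at -1507 adds the same line. The name-length checks added earlier in this commit print a message and return, and the same form would fit here: `if (strlen(value) >= sizeof buf-2) { BIO_printf(bio_err,"Value too long\n"); return 0; }`. The return convention of the enclosing functions is outside the hunks, so the exact failure value needs confirming.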
@@ -1458,7 +1469,7 @@ start:
 buf[0]='\0';
 if (!batch)
 {
- fgets(buf,1024,stdin);
+ fgets(buf,sizeof buf,stdin);
 }
 else
 {
@@ -1507,6 +1518,7 @@ start:
 (void)BIO_flush(bio_err);
 if (value != NULL)
 {
+ OPENSSL_assert(strlen(value) < sizeof buf-2);
 strcpy(buf,value);
 strcat(buf,"\n");
 BIO_printf(bio_err,"%s\n",value);
@@ -1516,7 +1528,7 @@ start:
 buf[0]='\0';
 if (!batch)
 {
- fgets(buf,1024,stdin);
+ fgets(buf,sizeof buf,stdin);
 }
 else
 { |
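Review bot: The result of `fgets(buf,sizeof buf,stdin)` is still discarded in the hunk at -1458 and again in the one at -1516. The `buf[0]='\0'` just before it covers end-of-file, but after a read error the contents of `buf` are indeterminate and the code that follows (outside the hunks) would parse them as user input. Treating a NULL return as a failed prompt, for example `if (!fgets(buf,sizeof buf,stdin)) return 0;`, closes that, subject to the functions' return convention, which is not visible here.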