author | Pauli <paul.dale@oracle.com> | 2017-07-06 10:37:10 +1000 |
---|---|---|
committer | Pauli <paul.dale@oracle.com> | 2017-07-06 10:37:10 +1000 |
commit | eee9552212ecc9e19bc09ea8a1b8428dc7394f45 (patch) | |
tree | 210a3fe7883637f3399cf661dadf89ff5d7b9b9e /apps/x509.c | |
parent | 67fdc99827916a397c23491edd97f2a5d374533a (diff) |
Bounds check string functions in apps.
This includes strcat, strcpy and sprintf.
In the x509 app, the code has been cleaned up as well.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3868)
Diffstat (limited to 'apps/x509.c')
-rw-r--r-- | apps/x509.c | 33 |
1 files changed, 13 insertions, 20 deletions
diff --git a/apps/x509.c b/apps/x509.c
index 484192bbf1..840e12778b 100644
--- a/apps/x509.c
+++ b/apps/x509.c
@@ -890,34 +890,27 @@ int x509_main(int argc, char **argv)
 ASN1_OBJECT_free(objtmp);
 release_engine(e);
 OPENSSL_free(passin);
- return (ret);
+ return ret;
 }
-static ASN1_INTEGER *x509_load_serial(const char *CAfile, const char *serialfile,
- int create)
+static ASN1_INTEGER *x509_load_serial(const char *CAfile,
+ const char *serialfile, int create)
 {
- char *buf = NULL, *p;
+ char *buf = NULL;
 ASN1_INTEGER *bs = NULL;
 BIGNUM *serial = NULL;
- size_t len;
- len = ((serialfile == NULL)
- ? (strlen(CAfile) + strlen(POSTFIX) + 1)
- : (strlen(serialfile))) + 1;
- buf = app_malloc(len, "serial# buffer");
 if (serialfile == NULL) {
- strcpy(buf, CAfile);
- for (p = buf; *p; p++)
- if (*p == '.') {
- *p = '\0';
- break;
- }
- strcat(buf, POSTFIX);
- } else {
- strcpy(buf, serialfile);
+ const char *p = strchr(CAfile, '.');
+ size_t len = p != NULL ? (size_t)(p - CAfile) : strlen(CAfile);
+
+ buf = app_malloc(len + sizeof(POSTFIX), "serial# buffer");
+ memcpy(buf, CAfile, len);
+ memcpy(buf + len, POSTFIX, sizeof(POSTFIX));
+ serialfile = buf;
 }
- serial = load_serial(buf, create, NULL);
+ serial = load_serial(serialfile, create, NULL);
 if (serial == NULL)
 goto end;
@@ -926,7 +919,7 @@ static ASN1_INTEGER *x509_load_serial(const char *CAfile, const char *serialfile
 goto end;
 }
- if (!save_serial(buf, NULL, serial, &bs))
+ if (!save_serial(serialfile, NULL, serial, &bs))
 goto end;
 end: |
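Review bot: `memcpy(buf + len, POSTFIX, sizeof(POSTFIX))` in the new `serialfile == NULL` branch of x509_load_serial is only correct while POSTFIX is a string-literal macro, because sizeof then counts the literal's bytes including its NUL terminator; if POSTFIX were ever changed to a `const char *`, sizeof would silently become the pointer size and the copy would read past the string and leave buf unterminated. I would pin that assumption next to the allocation with `/* POSTFIX must remain a string literal: sizeof(POSTFIX) counts its NUL */`. The `strchr(CAfile, '.')` lookup keeps the pre-existing first-dot semantics, so a CAfile whose directory component contains a '.' is still truncated at that directory rather than at the file extension; if that is intentional it deserves a one-line comment, otherwise searching from the last path separator would be the fix. The function's cleanup after `end:`, where buf is presumably released, lies outside this hunk.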