Use BUF_strlcpy() instead of strcpy().

Use BUF_strlcat() instead of strcat(). Use BIO_snprintf() instead of sprintf(). In some cases, keep better track of buffer lengths. This is part of a large change submitted by Markus Friedl <markus@openbsd.org>
author: Richard Levitte <levitte@openssl.org> 2003-12-27 14:40:17 +0000
committer: Richard Levitte <levitte@openssl.org> 2003-12-27 14:40:17 +0000
commit: d420ac2c7d4ba9d99ff2c257a3ad71ecc6d876e2 (patch)
tree: 84414c7d794c6286588d2042f060036378311348 /apps/x509.c
parent: b79aa47a0c8478bea62fc2bb55f99e0be172da3d (diff)
1 files changed, 8 insertions, 6 deletions
diff --git a/apps/x509.c b/apps/x509.c
index 036e255054..d30fbbe1e5 100644
--- a/apps/x509.c
+++ b/apps/x509.c
@@ -1048,24 +1048,26 @@ static ASN1_INTEGER *x509_load_serial(char *CAfile, char *serialfile, int create
 	char *buf = NULL, *p;
 	ASN1_INTEGER *bs = NULL;
 	BIGNUM *serial = NULL;
+	size_t len;
 
-	buf=OPENSSL_malloc( ((serialfile == NULL)
-			?(strlen(CAfile)+strlen(POSTFIX)+1)
-			:(strlen(serialfile)))+1);
+	len = ((serialfile == NULL)
+		?(strlen(CAfile)+strlen(POSTFIX)+1)
+		:(strlen(serialfile)))+1;
+	buf=OPENSSL_malloc(len);
 	if (buf == NULL) { BIO_printf(bio_err,"out of mem\n"); goto end; }
 	if (serialfile == NULL)
 		{
-		strcpy(buf,CAfile);
+		BUF_strlcpy(buf,CAfile,len);
 		for (p=buf; *p; p++)
 			if (*p == '.')
 				{
 				*p='\0';
 				break;
 				}
-		strcat(buf,POSTFIX);
+		BUF_strlcat(buf,POSTFIX,len);
 		}
 	else
-		strcpy(buf,serialfile);
+		BUF_strlcpy(buf,serialfile,len);
 
 	serial = load_serial(buf, create, NULL);
 	if (serial == NULL) goto end;
author	Richard Levitte <levitte@openssl.org>	2003-12-27 14:40:17 +0000
committer	Richard Levitte <levitte@openssl.org>	2003-12-27 14:40:17 +0000
commit	d420ac2c7d4ba9d99ff2c257a3ad71ecc6d876e2 (patch)
tree	84414c7d794c6286588d2042f060036378311348 /apps/x509.c
parent	b79aa47a0c8478bea62fc2bb55f99e0be172da3d (diff)