authorPauli <paul.dale@oracle.com>2017-07-06 10:37:10 +1000
committerPauli <paul.dale@oracle.com>2017-07-06 10:37:10 +1000
commiteee9552212ecc9e19bc09ea8a1b8428dc7394f45 (patch)
tree210a3fe7883637f3399cf661dadf89ff5d7b9b9e /apps/x509.c
parent67fdc99827916a397c23491edd97f2a5d374533a (diff)
Bounds check string functions in apps.
This includes strcat, strcpy and sprintf. In the x509 app, the code has been cleaned up as well. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3868)
Diffstat (limited to 'apps/x509.c')
-rw-r--r--apps/x509.c33
1 files changed, 13 insertions, 20 deletions
diff --git a/apps/x509.c b/apps/x509.c
index 484192bbf1..840e12778b 100644
--- a/apps/x509.c
+++ b/apps/x509.c
@@ -890,34 +890,27 @@ int x509_main(int argc, char **argv)
ASN1_OBJECT_free(objtmp);
release_engine(e);
OPENSSL_free(passin);
- return (ret);
+ return ret;
}
-static ASN1_INTEGER *x509_load_serial(const char *CAfile, const char *serialfile,
- int create)
+static ASN1_INTEGER *x509_load_serial(const char *CAfile,
+ const char *serialfile, int create)
{
- char *buf = NULL, *p;
+ char *buf = NULL;
ASN1_INTEGER *bs = NULL;
BIGNUM *serial = NULL;
- size_t len;
- len = ((serialfile == NULL)
- ? (strlen(CAfile) + strlen(POSTFIX) + 1)
- : (strlen(serialfile))) + 1;
- buf = app_malloc(len, "serial# buffer");
if (serialfile == NULL) {
- strcpy(buf, CAfile);
- for (p = buf; *p; p++)
- if (*p == '.') {
- *p = '\0';
- break;
- }
- strcat(buf, POSTFIX);
- } else {
- strcpy(buf, serialfile);
+ const char *p = strchr(CAfile, '.');
+ size_t len = p != NULL ? (size_t)(p - CAfile) : strlen(CAfile);
+
+ buf = app_malloc(len + sizeof(POSTFIX), "serial# buffer");
+ memcpy(buf, CAfile, len);
+ memcpy(buf + len, POSTFIX, sizeof(POSTFIX));
+ serialfile = buf;
}
- serial = load_serial(buf, create, NULL);
+ serial = load_serial(serialfile, create, NULL);
if (serial == NULL)
goto end;
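Review bot: `strchr(CAfile, '.')` in the `serialfile == NULL` branch cuts the name at the first dot anywhere in the path, not at the file extension, so a CA path with a dot in a directory component (a leading `./`, for example) produces a default serial file name built from the truncated directory part instead of from the CA file name. The removed loop stopped at the first dot too, so this is carried over rather than introduced, but the serial file determines which serial numbers are issued and the rewrite is a good place to fix it: `const char *p = strrchr(CAfile, '.');`, ideally accepting the match only when it lies after the last path separator. A one-line comment such as `/* default serial file: CA file name with its extension replaced by POSTFIX */` would record the intent. The body of x509_load_serial continues past this hunk.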
@@ -926,7 +919,7 @@ static ASN1_INTEGER *x509_load_serial(const char *CAfile, const char *serialfile
goto end;
}
- if (!save_serial(buf, NULL, serial, &bs))
+ if (!save_serial(serialfile, NULL, serial, &bs))
goto end;
end: