diff options
author | Richard Levitte <levitte@openssl.org> | 2018-02-01 21:28:59 +0100 |
---|---|---|
committer | Richard Levitte <levitte@openssl.org> | 2018-02-01 22:09:41 +0100 |
commit | 03cb2cc9e53f7ca7539069a388d2767fffa7cf66 (patch) | |
tree | 93b89041192d351470d1240e0d453df692651e4e /apps | |
parent | f345b1f39d9b4e4c9ef07e7522e9b2a870c9ca09 (diff) |
Fix of prefix bio filter (bf_prefix.c): rely on the given length
The assumption that the received buffer has to be NUL-terminated was
faulty.
Fault found in #5224
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5239)
Diffstat (limited to 'apps')
-rw-r--r-- | apps/bf_prefix.c | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/apps/bf_prefix.c b/apps/bf_prefix.c index 4d5e3a31c1..bae3c91bf8 100644 --- a/apps/bf_prefix.c +++ b/apps/bf_prefix.c @@ -96,7 +96,7 @@ static int prefix_write(BIO *b, const char *out, size_t outl, *numwritten = 0; - while (*out != '\0') { + while (outl > 0) { size_t i; char c; @@ -111,7 +111,7 @@ static int prefix_write(BIO *b, const char *out, size_t outl, } /* Now, go look for the next LF, or the end of the string */ - for (i = 0; (c = out[i]) != '\n' && c != '\0'; i++) + for (i = 0, c = '\0'; i < outl && (c = out[i]) != '\n'; i++) continue; if (c == '\n') i++; @@ -123,6 +123,7 @@ static int prefix_write(BIO *b, const char *out, size_t outl, if (!BIO_write_ex(BIO_next(b), out, i, &num)) return 0; out += num; + outl -= num; *numwritten += num; i -= num; } |