diff options
| author | Ben Laurie <ben@openssl.org> | 2002-11-13 15:43:43 +0000 |
|---|---|---|
| committer | Ben Laurie <ben@openssl.org> | 2002-11-13 15:43:43 +0000 |
| commit | 54a656ef081f72a740c550ebd8099b40b8b5cde0 (patch) | |
| tree | 9b3638b56848c7f0648b84cfa7ad056116b37a1b /apps | |
| parent | 8f797f14b8ff7d3d5cb04443284259a0c94860b3 (diff) | |
Security fixes brought forward from 0.9.7.
Diffstat (limited to 'apps')
| -rw-r--r-- | apps/Makefile.ssl | 51 | ||||
| -rw-r--r-- | apps/apps.c | 39 | ||||
| -rw-r--r-- | apps/apps.h | 1 | ||||
| -rw-r--r-- | apps/ca.c | 56 | ||||
| -rw-r--r-- | apps/ciphers.c | 2 | ||||
| -rw-r--r-- | apps/dgst.c | 2 | ||||
| -rw-r--r-- | apps/enc.c | 16 | ||||
| -rw-r--r-- | apps/ocsp.c | 2 | ||||
| -rw-r--r-- | apps/openssl.c | 18 | ||||
| -rw-r--r-- | apps/pkcs12.c | 4 | ||||
| -rw-r--r-- | apps/pkcs8.c | 4 | ||||
| -rw-r--r-- | apps/req.c | 36 | ||||
| -rw-r--r-- | apps/s_cb.c | 4 | ||||
| -rw-r--r-- | apps/s_client.c | 10 | ||||
| -rw-r--r-- | apps/s_server.c | 6 | ||||
| -rw-r--r-- | apps/s_socket.c | 9 | ||||
| -rw-r--r-- | apps/s_time.c | 7 | ||||
| -rw-r--r-- | apps/speed.c | 2 | ||||
| -rw-r--r-- | apps/verify.c | 3 | ||||
| -rw-r--r-- | apps/winrand.c | 1 | ||||
| -rw-r--r-- | apps/x509.c | 7 |
21 files changed, 170 insertions, 110 deletions
diff --git a/apps/Makefile.ssl b/apps/Makefile.ssl index 01346531e3..f1a4ad0fde 100644 --- a/apps/Makefile.ssl +++ b/apps/Makefile.ssl @@ -852,31 +852,32 @@ rand.o: ../include/openssl/stack.h ../include/openssl/symhacks.h rand.o: ../include/openssl/txt_db.h ../include/openssl/ui.h rand.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h rand.o: ../include/openssl/x509_vfy.h apps.h rand.c -req.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h -req.o: ../include/openssl/bio.h ../include/openssl/blowfish.h -req.o: ../include/openssl/bn.h ../include/openssl/buffer.h -req.o: ../include/openssl/cast.h ../include/openssl/conf.h -req.o: ../include/openssl/crypto.h ../include/openssl/des.h -req.o: ../include/openssl/des_old.h ../include/openssl/dh.h -req.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h -req.o: ../include/openssl/ec.h ../include/openssl/ecdh.h -req.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h -req.o: ../include/openssl/err.h ../include/openssl/evp.h -req.o: ../include/openssl/idea.h ../include/openssl/lhash.h -req.o: ../include/openssl/md2.h ../include/openssl/md4.h -req.o: ../include/openssl/md5.h ../include/openssl/mdc2.h -req.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -req.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -req.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h -req.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -req.o: ../include/openssl/rand.h ../include/openssl/rc2.h -req.o: ../include/openssl/rc4.h ../include/openssl/rc5.h -req.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h -req.o: ../include/openssl/safestack.h ../include/openssl/sha.h -req.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -req.o: ../include/openssl/txt_db.h ../include/openssl/ui.h -req.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h -req.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h req.c +req.o: ../crypto/cryptlib.h ../e_os.h ../include/openssl/aes.h +req.o: ../include/openssl/asn1.h ../include/openssl/bio.h +req.o: ../include/openssl/blowfish.h ../include/openssl/bn.h +req.o: ../include/openssl/buffer.h ../include/openssl/cast.h +req.o: ../include/openssl/conf.h ../include/openssl/crypto.h +req.o: ../include/openssl/des.h ../include/openssl/des_old.h +req.o: ../include/openssl/dh.h ../include/openssl/dsa.h +req.o: ../include/openssl/e_os2.h ../include/openssl/ec.h +req.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h +req.o: ../include/openssl/engine.h ../include/openssl/err.h +req.o: ../include/openssl/evp.h ../include/openssl/idea.h +req.o: ../include/openssl/lhash.h ../include/openssl/md2.h +req.o: ../include/openssl/md4.h ../include/openssl/md5.h +req.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h +req.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +req.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +req.o: ../include/openssl/pem.h ../include/openssl/pem2.h +req.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h +req.o: ../include/openssl/rc2.h ../include/openssl/rc4.h +req.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h +req.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +req.o: ../include/openssl/sha.h ../include/openssl/stack.h +req.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h +req.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h +req.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h +req.o: ../include/openssl/x509v3.h apps.h req.c rsa.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h rsa.o: ../include/openssl/bio.h ../include/openssl/blowfish.h rsa.o: ../include/openssl/bn.h ../include/openssl/buffer.h diff --git a/apps/apps.c b/apps/apps.c index be7a80acb8..305227d7ab 100644 --- a/apps/apps.c +++ b/apps/apps.c @@ -337,8 +337,7 @@ void program_name(char *in, char *out, int size) p++; else p=in; - strncpy(out,p,size-1); - out[size-1]='\0'; + BUF_strlcpy(out,p,size); } #endif #endif @@ -447,16 +446,20 @@ int app_init(long mesgwin) int dump_cert_text (BIO *out, X509 *x) { - char buf[256]; - X509_NAME_oneline(X509_get_subject_name(x),buf,256); + char *p; + + p=X509_NAME_oneline(X509_get_subject_name(x),NULL,0); BIO_puts(out,"subject="); - BIO_puts(out,buf); + BIO_puts(out,p); + OPENSSL_free(p); - X509_NAME_oneline(X509_get_issuer_name(x),buf,256); - BIO_puts(out,"\nissuer= "); - BIO_puts(out,buf); + p=X509_NAME_oneline(X509_get_issuer_name(x),NULL,0); + BIO_puts(out,"\nissuer="); + BIO_puts(out,p); BIO_puts(out,"\n"); - return 0; + OPENSSL_free(p); + + return 0; } static int ui_open(UI *ui) @@ -978,7 +981,7 @@ load_netscape_key(BIO *err, BIO *key, const char *file, goto error; for (;;) { - if (!BUF_MEM_grow(buf,size+1024*10)) + if (!BUF_MEM_grow_clean(buf,size+1024*10)) goto error; i = BIO_read(key, &(buf->data[size]), 1024*10); size += i; @@ -1253,6 +1256,7 @@ void print_name(BIO *out, char *title, X509_NAME *nm, unsigned long lflags) char *buf; char mline = 0; int indent = 0; + if(title) BIO_puts(out, title); if((lflags & XN_FLAG_SEP_MASK) == XN_FLAG_SEP_MULTILINE) { mline = 1; @@ -1374,3 +1378,18 @@ int load_config(BIO *err, CONF *cnf) } return 1; } + +char *make_config_name() + { + const char *t=X509_get_default_cert_area(); + char *p; + + p=OPENSSL_malloc(strlen(t)+strlen(OPENSSL_CONF)+2); + strcpy(p,t); +#ifndef OPENSSL_SYS_VMS + strcat(p,"/"); +#endif + strcat(p,OPENSSL_CONF); + + return p; + } diff --git a/apps/apps.h b/apps/apps.h index 31dd0dc9e1..7b1f8ded78 100644 --- a/apps/apps.h +++ b/apps/apps.h @@ -251,6 +251,7 @@ X509_STORE *setup_verify(BIO *bp, char *CAfile, char *CApath); ENGINE *setup_engine(BIO *err, const char *engine, int debug); int load_config(BIO *err, CONF *cnf); +char *make_config_name(void); /* Functions defined in ca.c and also used in ocsp.c */ int unpack_revinfo(ASN1_TIME **prevtm, int *preason, ASN1_OBJECT **phold, @@ -334,6 +334,7 @@ int MAIN(int argc, char **argv) MS_STATIC char buf[3][BSIZE]; char *randfile=NULL; char *engine = NULL; + char *tofree=NULL; #ifdef EFENCE EF_PROTECT_FREE=1; @@ -561,25 +562,26 @@ bad: ERR_load_crypto_strings(); - e = setup_engine(bio_err, engine, 0); + e = setup_engine(bio_err, engine, 0); /*****************************************************************/ + tofree=NULL; if (configfile == NULL) configfile = getenv("OPENSSL_CONF"); if (configfile == NULL) configfile = getenv("SSLEAY_CONF"); if (configfile == NULL) { - /* We will just use 'buf[0]' as a temporary buffer. */ + const char *s=X509_get_default_cert_area(); + #ifdef OPENSSL_SYS_VMS - strncpy(buf[0],X509_get_default_cert_area(), - sizeof(buf[0])-1-sizeof(CONFIG_FILE)); + tofree=OPENSSL_malloc(strlen(s)+sizeof(CONFIG_FILE)); + strcpy(tofree,s); #else - strncpy(buf[0],X509_get_default_cert_area(), - sizeof(buf[0])-2-sizeof(CONFIG_FILE)); - buf[0][sizeof(buf[0])-2-sizeof(CONFIG_FILE)]='\0'; - strcat(buf[0],"/"); + tofree=OPENSSL_malloc(strlen(s)+sizeof(CONFIG_FILE)+1); + strcpy(tofree,s); + strcat(tofree,"/"); #endif - strcat(buf[0],CONFIG_FILE); - configfile=buf[0]; + strcat(tofree,CONFIG_FILE); + configfile=tofree; } BIO_printf(bio_err,"Using configuration from %s\n",configfile); @@ -594,6 +596,8 @@ bad: ,errorline,configfile); goto err; } + if(tofree) + OPENSSL_free(tofree); if (!load_config(bio_err, conf)) goto err; @@ -1286,8 +1290,13 @@ bad: BIO_printf(bio_err,"Write out database with %d new entries\n",sk_X509_num(cert_sk)); - strncpy(buf[0],serialfile,BSIZE-4); - buf[0][BSIZE-4]='\0'; + if(strlen(serialfile) > BSIZE-5 || strlen(dbfile) > BSIZE-5) + { + BIO_printf(bio_err,"file name too long\n"); + goto err; + } + + strcpy(buf[0],serialfile); #ifdef OPENSSL_SYS_VMS strcat(buf[0],"-new"); @@ -1297,8 +1306,7 @@ bad: if (!save_serial(buf[0],serial)) goto err; - strncpy(buf[1],dbfile,BSIZE-4); - buf[1][BSIZE-4]='\0'; + strcpy(buf[1],dbfile); #ifdef OPENSSL_SYS_VMS strcat(buf[1],"-new"); @@ -1328,8 +1336,13 @@ bad: j=x->cert_info->serialNumber->length; p=(char *)x->cert_info->serialNumber->data; - strncpy(buf[2],outdir,BSIZE-(j*2)-6); - buf[2][BSIZE-(j*2)-6]='\0'; + if(strlen(outdir) >= (j ? BSIZE-j*2-6 : BSIZE-8)) + { + BIO_printf(bio_err,"certificate file name too long\n"); + goto err; + } + + strcpy(buf[2],outdir); #ifndef OPENSSL_SYS_VMS strcat(buf[2],"/"); @@ -1568,8 +1581,13 @@ bad: if (j <= 0) goto err; X509_free(revcert); - strncpy(buf[0],dbfile,BSIZE-4); - buf[0][BSIZE-4]='\0'; + if(strlen(dbfile) > BSIZE-5) + { + BIO_printf(bio_err,"filename too long\n"); + goto err; + } + + strcpy(buf[0],dbfile); #ifndef OPENSSL_SYS_VMS strcat(buf[0],".new"); #else @@ -1613,6 +1631,8 @@ bad: /*****************************************************************/ ret=0; err: + if(tofree) + OPENSSL_free(tofree); BIO_free_all(Cout); BIO_free_all(Sout); BIO_free_all(out); diff --git a/apps/ciphers.c b/apps/ciphers.c index 2d6e104790..fe26ae8cd6 100644 --- a/apps/ciphers.c +++ b/apps/ciphers.c @@ -187,7 +187,7 @@ int MAIN(int argc, char **argv) { BIO_puts(STDout,SSL_CIPHER_description( sk_SSL_CIPHER_value(sk,i), - buf,512)); + buf,sizeof buf)); } } diff --git a/apps/dgst.c b/apps/dgst.c index 32e40c1f53..dd65a591f5 100644 --- a/apps/dgst.c +++ b/apps/dgst.c @@ -117,7 +117,7 @@ int MAIN(int argc, char **argv) goto end; /* first check the program name */ - program_name(argv[0],pname,PROG_NAME_SIZE); + program_name(argv[0],pname,sizeof pname); md=EVP_get_digestbyname(pname); diff --git a/apps/enc.c b/apps/enc.c index 1ba2ea2f68..eff5c5610e 100644 --- a/apps/enc.c +++ b/apps/enc.c @@ -102,7 +102,7 @@ int MAIN(int argc, char **argv) { ENGINE *e = NULL; static const char magic[]="Salted__"; - char mbuf[8]; /* should be 1 smaller than magic */ + char mbuf[sizeof magic-1]; char *strbuf=NULL; unsigned char *buff=NULL,*bufsize=NULL; int bsize=BSIZE,verbose=0; @@ -131,7 +131,7 @@ int MAIN(int argc, char **argv) goto end; /* first check the program name */ - program_name(argv[0],pname,PROG_NAME_SIZE); + program_name(argv[0],pname,sizeof pname); if (strcmp(pname,"base64") == 0) base64=1; @@ -216,7 +216,7 @@ int MAIN(int argc, char **argv) goto bad; } buf[0]='\0'; - fgets(buf,128,infile); + fgets(buf,sizeof buf,infile); fclose(infile); i=strlen(buf); if ((i > 0) && @@ -442,12 +442,12 @@ bad: else { if(enc) { if(hsalt) { - if(!set_hex(hsalt,salt,PKCS5_SALT_LEN)) { + if(!set_hex(hsalt,salt,sizeof salt)) { BIO_printf(bio_err, "invalid hex salt value\n"); goto end; } - } else if (RAND_pseudo_bytes(salt, PKCS5_SALT_LEN) < 0) + } else if (RAND_pseudo_bytes(salt, sizeof salt) < 0) goto end; /* If -P option then don't bother writing */ if((printkey != 2) @@ -455,14 +455,14 @@ bad: sizeof magic-1) != sizeof magic-1 || BIO_write(wbio, (char *)salt, - PKCS5_SALT_LEN) != PKCS5_SALT_LEN)) { + sizeof salt) != sizeof salt)) { BIO_printf(bio_err,"error writing output file\n"); goto end; } } else if(BIO_read(rbio,mbuf,sizeof mbuf) != sizeof mbuf || BIO_read(rbio, (unsigned char *)salt, - PKCS5_SALT_LEN) != PKCS5_SALT_LEN) { + sizeof salt) != sizeof salt) { BIO_printf(bio_err,"error reading input file\n"); goto end; } else if(memcmp(mbuf,magic,sizeof magic-1)) { @@ -524,7 +524,7 @@ bad: if (!nosalt) { printf("salt="); - for (i=0; i<PKCS5_SALT_LEN; i++) + for (i=0; i<sizeof salt; i++) printf("%02X",salt[i]); printf("\n"); } diff --git a/apps/ocsp.c b/apps/ocsp.c index 17b2a659c3..d759b2709c 100644 --- a/apps/ocsp.c +++ b/apps/ocsp.c @@ -1179,7 +1179,7 @@ static int do_responder(OCSP_REQUEST **preq, BIO **pcbio, BIO *acbio, char *port for(;;) { - len = BIO_gets(cbio, inbuf, 1024); + len = BIO_gets(cbio, inbuf, sizeof inbuf); if (len <= 0) return 1; /* Look for "POST" signalling start of query */ diff --git a/apps/openssl.c b/apps/openssl.c index d093715676..895d8f76b2 100644 --- a/apps/openssl.c +++ b/apps/openssl.c @@ -218,7 +218,8 @@ int main(int Argc, char *Argv[]) #define PROG_NAME_SIZE 39 char pname[PROG_NAME_SIZE+1]; FUNCTION f,*fp; - MS_STATIC char *prompt,buf[1024],config_name[256]; + MS_STATIC char *prompt,buf[1024]; + char *to_free=NULL; int n,i,ret=0; int argc; char **argv,*p; @@ -261,14 +262,7 @@ int main(int Argc, char *Argv[]) if (p == NULL) p=getenv("SSLEAY_CONF"); if (p == NULL) - { - strcpy(config_name,X509_get_default_cert_area()); -#ifndef OPENSSL_SYS_VMS - strcat(config_name,"/"); -#endif - strcat(config_name,OPENSSL_CONF); - p=config_name; - } + p=to_free=make_config_name(); default_config_file=p; @@ -284,7 +278,7 @@ int main(int Argc, char *Argv[]) prog=prog_init(); /* first check the program name */ - program_name(Argv[0],pname,PROG_NAME_SIZE); + program_name(Argv[0],pname,sizeof pname); f.name=pname; fp=(FUNCTION *)lh_retrieve(prog,&f); @@ -312,7 +306,7 @@ int main(int Argc, char *Argv[]) { ret=0; p=buf; - n=1024; + n=sizeof buf; i=0; for (;;) { @@ -346,6 +340,8 @@ int main(int Argc, char *Argv[]) BIO_printf(bio_err,"bad exit\n"); ret=1; end: + if (to_free) + OPENSSL_free(to_free); if (config != NULL) { NCONF_free(config); diff --git a/apps/pkcs12.c b/apps/pkcs12.c index 0d7bf3e6a8..64b4b32be7 100644 --- a/apps/pkcs12.c +++ b/apps/pkcs12.c @@ -388,7 +388,7 @@ int MAIN(int argc, char **argv) #ifdef CRYPTO_MDEBUG CRYPTO_push_info("read MAC password"); #endif - if(EVP_read_pw_string (macpass, 50, "Enter MAC Password:", export_cert)) + if(EVP_read_pw_string (macpass, sizeof macpass, "Enter MAC Password:", export_cert)) { BIO_printf (bio_err, "Can't read Password\n"); goto end; @@ -597,7 +597,7 @@ int MAIN(int argc, char **argv) #ifdef CRYPTO_MDEBUG CRYPTO_push_info("read import password"); #endif - if(!noprompt && EVP_read_pw_string(pass, 50, "Enter Import Password:", 0)) { + if(!noprompt && EVP_read_pw_string(pass, sizeof pass, "Enter Import Password:", 0)) { BIO_printf (bio_err, "Can't read Password\n"); goto end; } diff --git a/apps/pkcs8.c b/apps/pkcs8.c index 8464c43996..1debccb17e 100644 --- a/apps/pkcs8.c +++ b/apps/pkcs8.c @@ -244,7 +244,7 @@ int MAIN(int argc, char **argv) if(passout) p8pass = passout; else { p8pass = pass; - if (EVP_read_pw_string(pass, 50, "Enter Encryption Password:", 1)) + if (EVP_read_pw_string(pass, sizeof pass, "Enter Encryption Password:", 1)) return (1); } app_RAND_load_file(NULL, bio_err, 0); @@ -302,7 +302,7 @@ int MAIN(int argc, char **argv) if(passin) p8pass = passin; else { p8pass = pass; - EVP_read_pw_string(pass, 50, "Enter Password:", 0); + EVP_read_pw_string(pass, sizeof pass, "Enter Password:", 0); } p8inf = PKCS8_decrypt(p8, p8pass, strlen(p8pass)); X509_SIG_free(p8); diff --git a/apps/req.c b/apps/req.c index 6beeef07a3..980138f041 100644 --- a/apps/req.c +++ b/apps/req.c @@ -73,6 +73,7 @@ #include <openssl/x509v3.h> #include <openssl/objects.h> #include <openssl/pem.h> +#include "../crypto/cryptlib.h" #define SECTION "req" @@ -180,7 +181,7 @@ int MAIN(int argc, char **argv) const EVP_MD *md_alg=NULL,*digest=EVP_md5(); unsigned long chtype = MBSTRING_ASC; #ifndef MONOLITH - MS_STATIC char config_name[256]; + char *to_free; long errline; #endif @@ -527,14 +528,7 @@ bad: if (p == NULL) p=getenv("SSLEAY_CONF"); if (p == NULL) - { - strcpy(config_name,X509_get_default_cert_area()); -#ifndef OPENSSL_SYS_VMS - strcat(config_name,"/"); -#endif - strcat(config_name,OPENSSL_CONF); - p=config_name; - } + p=to_free=make_config_name(); default_config_file=p; config=NCONF_new(NULL); i=NCONF_load(config, p, &errline); @@ -1131,6 +1125,10 @@ loop: } ex=0; end: +#ifndef MONOLITH + if(to_free) + OPENSSL_free(to_free); +#endif if (ex) { ERR_print_errors(bio_err); @@ -1293,13 +1291,19 @@ start: for (;;) } /* If OBJ not recognised ignore it */ if ((nid=OBJ_txt2nid(type)) == NID_undef) goto start; + + if(strlen(v->name) > sizeof buf-9) + { + BIO_printf(bio_err,"Name '%s' too long\n",v->name); + return 0; + } + sprintf(buf,"%s_default",v->name); if ((def=NCONF_get_string(req_conf,dn_sect,buf)) == NULL) { ERR_clear_error(); def=""; } - sprintf(buf,"%s_value",v->name); if ((value=NCONF_get_string(req_conf,dn_sect,buf)) == NULL) { @@ -1346,6 +1350,12 @@ start2: for (;;) if ((nid=OBJ_txt2nid(type)) == NID_undef) goto start2; + if(strlen(v->name) > sizeof buf-9) + { + BIO_printf(bio_err,"Name '%s' too long\n",v->name); + return 0; + } + sprintf(buf,"%s_default",type); if ((def=NCONF_get_string(req_conf,attr_sect,buf)) == NULL) @@ -1449,6 +1459,7 @@ start: (void)BIO_flush(bio_err); if(value != NULL) { + OPENSSL_assert(strlen(value) < sizeof buf-2); strcpy(buf,value); strcat(buf,"\n"); BIO_printf(bio_err,"%s\n",value); @@ -1458,7 +1469,7 @@ start: buf[0]='\0'; if (!batch) { - fgets(buf,1024,stdin); + fgets(buf,sizeof buf,stdin); } else { @@ -1507,6 +1518,7 @@ start: (void)BIO_flush(bio_err); if (value != NULL) { + OPENSSL_assert(strlen(value) < sizeof buf-2); strcpy(buf,value); strcat(buf,"\n"); BIO_printf(bio_err,"%s\n",value); @@ -1516,7 +1528,7 @@ start: buf[0]='\0'; if (!batch) { - fgets(buf,1024,stdin); + fgets(buf,sizeof buf,stdin); } else { diff --git a/apps/s_cb.c b/apps/s_cb.c index ca5b24548c..675527df1f 100644 --- a/apps/s_cb.c +++ b/apps/s_cb.c @@ -134,7 +134,7 @@ int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx) err= X509_STORE_CTX_get_error(ctx); depth= X509_STORE_CTX_get_error_depth(ctx); - X509_NAME_oneline(X509_get_subject_name(err_cert),buf,256); + X509_NAME_oneline(X509_get_subject_name(err_cert),buf,sizeof buf); BIO_printf(bio_err,"depth=%d %s\n",depth,buf); if (!ok) { @@ -154,7 +154,7 @@ int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx) switch (ctx->error) { case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT: - X509_NAME_oneline(X509_get_issuer_name(ctx->current_cert),buf,256); + X509_NAME_oneline(X509_get_issuer_name(ctx->current_cert),buf,sizeof buf); BIO_printf(bio_err,"issuer= %s\n",buf); break; case X509_V_ERR_CERT_NOT_YET_VALID: diff --git a/apps/s_client.c b/apps/s_client.c index 658a79d390..fa881e1305 100644 --- a/apps/s_client.c +++ b/apps/s_client.c @@ -930,10 +930,10 @@ static void print_stuff(BIO *bio, SSL *s, int full) for (i=0; i<sk_X509_num(sk); i++) { X509_NAME_oneline(X509_get_subject_name( - sk_X509_value(sk,i)),buf,BUFSIZ); + sk_X509_value(sk,i)),buf,sizeof buf); BIO_printf(bio,"%2d s:%s\n",i,buf); X509_NAME_oneline(X509_get_issuer_name( - sk_X509_value(sk,i)),buf,BUFSIZ); + sk_X509_value(sk,i)),buf,sizeof buf); BIO_printf(bio," i:%s\n",buf); if (c_showcerts) PEM_write_bio_X509(bio,sk_X509_value(sk,i)); @@ -948,10 +948,10 @@ static void print_stuff(BIO *bio, SSL *s, int full) if (!(c_showcerts && got_a_chain)) /* Redundant if we showed the whole chain */ PEM_write_bio_X509(bio,peer); X509_NAME_oneline(X509_get_subject_name(peer), - buf,BUFSIZ); + buf,sizeof buf); BIO_printf(bio,"subject=%s\n",buf); X509_NAME_oneline(X509_get_issuer_name(peer), - buf,BUFSIZ); + buf,sizeof buf); BIO_printf(bio,"issuer=%s\n",buf); } else @@ -973,7 +973,7 @@ static void print_stuff(BIO *bio, SSL *s, int full) { BIO_printf(bio,"---\nNo client certificate CA names sent\n"); } - p=SSL_get_shared_ciphers(s,buf,BUFSIZ); + p=SSL_get_shared_ciphers(s,buf,sizeof buf); if (p != NULL) { /* This works only for SSL 2. In later protocol diff --git a/apps/s_server.c b/apps/s_server.c index 3295eb0207..e39a8f7f1a 100644 --- a/apps/s_server.c +++ b/apps/s_server.c @@ -1306,14 +1306,14 @@ static int init_ssl_connection(SSL *con) { BIO_printf(bio_s_out,"Client certificate\n"); PEM_write_bio_X509(bio_s_out,peer); - X509_NAME_oneline(X509_get_subject_name(peer),buf,BUFSIZ); + X509_NAME_oneline(X509_get_subject_name(peer),buf,sizeof buf); BIO_printf(bio_s_out,"subject=%s\n",buf); - X509_NAME_oneline(X509_get_issuer_name(peer),buf,BUFSIZ); + X509_NAME_oneline(X509_get_issuer_name(peer),buf,sizeof buf); BIO_printf(bio_s_out,"issuer=%s\n",buf); X509_free(peer); } - if (SSL_get_shared_ciphers(con,buf,BUFSIZ) != NULL) + if (SSL_get_shared_ciphers(con,buf,sizeof buf) != NULL) BIO_printf(bio_s_out,"Shared ciphers:%s\n",buf); str=SSL_CIPHER_get_name(SSL_get_current_cipher(con)); BIO_printf(bio_s_out,"CIPHER is %s\n",(str != NULL)?str:"(NONE)"); diff --git a/apps/s_socket.c b/apps/s_socket.c index bd499d020c..01a980c96d 100644 --- a/apps/s_socket.c +++ b/apps/s_socket.c @@ -529,9 +529,12 @@ static struct hostent *GetHostByName(char *name) ret=gethostbyname(name); if (ret == NULL) return(NULL); /* else add to cache */ - strncpy(ghbn_cache[lowi].name,name,128); - memcpy((char *)&(ghbn_cache[lowi].ent),ret,sizeof(struct hostent)); - ghbn_cache[lowi].order=ghbn_miss+ghbn_hits; + if(strlen(name) < sizeof ghbn_cache[0].name) + { + strcpy(ghbn_cache[lowi].name,name); + memcpy((char *)&(ghbn_cache[lowi].ent),ret,sizeof(struct hostent)); + ghbn_cache[lowi].order=ghbn_miss+ghbn_hits; + } return(ret); } else diff --git a/apps/s_time.c b/apps/s_time.c index 752158460a..da7383ca21 100644 --- a/apps/s_time.c +++ b/apps/s_time.c @@ -146,6 +146,8 @@ #undef BUFSIZZ #define BUFSIZZ 1024*10 +#define MYBUFSIZ 1024*8 + #undef min #undef max #define min(a,b) (((a) < (b)) ? (a) : (b)) @@ -320,6 +322,11 @@ static int parseArgs(int argc, char **argv) { if (--argc < 1) goto bad; s_www_path= *(++argv); + if(strlen(s_www_path) > MYBUFSIZ-100) + { + BIO_printf(bio_err,"-www option too long\n"); + badop=1; + } } else if(strcmp(*argv,"-bugs") == 0) st_bugs=1; diff --git a/apps/speed.c b/apps/speed.c index 0ad86f42bc..1d83adccfa 100644 --- a/apps/speed.c +++ b/apps/speed.c @@ -2368,7 +2368,7 @@ static char *sstrsep(char **string, const char *delim) if (**string == 0) return NULL; - memset(isdelim, 0, 256); + memset(isdelim, 0, sizeof isdelim); isdelim[0] = 1; while (*delim) diff --git a/apps/verify.c b/apps/verify.c index 215ef84fc7..e4cbceaf8e 100644 --- a/apps/verify.c +++ b/apps/verify.c @@ -330,7 +330,8 @@ static int MS_CALLBACK cb(int ok, X509_STORE_CTX *ctx) if (!ok) { X509_NAME_oneline( - X509_get_subject_name(ctx->current_cert),buf,256); + X509_get_subject_name(ctx->current_cert),buf, + sizeof buf); printf("%s\n",buf); printf("error %d at %d depth lookup:%s\n",ctx->error, ctx->error_depth, diff --git a/apps/winrand.c b/apps/winrand.c index d042258b50..59bede3d70 100644 --- a/apps/winrand.c +++ b/apps/winrand.c @@ -118,7 +118,6 @@ LRESULT CALLBACK WndProc(HWND hwnd, UINT iMsg, WPARAM wParam, LPARAM lParam) HDC hdc; PAINTSTRUCT ps; RECT rect; - char buffer[200]; static int seeded = 0; switch (iMsg) diff --git a/apps/x509.c b/apps/x509.c index 8e4462dae7..0f6e9ad907 100644 --- a/apps/x509.c +++ b/apps/x509.c @@ -770,10 +770,11 @@ bad: int y,z; X509_NAME_oneline(X509_get_subject_name(x), - buf,256); + buf,sizeof buf); BIO_printf(STDout,"/* subject:%s */\n",buf); m=X509_NAME_oneline( - X509_get_issuer_name(x),buf,256); + X509_get_issuer_name(x),buf, + sizeof buf); BIO_printf(STDout,"/* issuer :%s */\n",buf); z=i2d_X509(x,NULL); @@ -1086,7 +1087,7 @@ static ASN1_INTEGER *load_serial(char *CAfile, char *serialfile, int create) } else { - if (!a2i_ASN1_INTEGER(io,bs,buf2,1024)) + if (!a2i_ASN1_INTEGER(io,bs,buf2,sizeof buf2)) { BIO_printf(bio_err,"unable to load serial number from %s\n",buf); ERR_print_errors(bio_err); |