diff options
| author | David von Oheimb <David.von.Oheimb@siemens.com> | 2018-02-01 11:06:03 +0100 |
|---|---|---|
| committer | Richard Levitte <levitte@openssl.org> | 2019-03-13 13:38:51 +0100 |
| commit | 62ca15650576f3953103b27e220e4ff4cc4abed5 (patch) | |
| tree | 99202ed71a55a9e0141d28c53d1650c609efe262 /apps | |
| parent | fff684168c7923aa85e6b4381d71d933396e32b0 (diff) | |
prevent app_get_pass() from revealing cleartext password on syntax error
When the argument for '-pass' was badly formed, that argument got
displayed in full. This turns out to not be such a good idea if the
user simply forgot to start the argument with 'pass:', or spellt the
prefix incorrectly. We therefore change the display to say that a
colon is missing or only showing the incorrect prefix.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6218)
Diffstat (limited to 'apps')
| -rw-r--r-- | apps/apps.c | 14 |
1 files changed, 13 insertions, 1 deletions
diff --git a/apps/apps.c b/apps/apps.c index d095dee27c..06b543488f 100644 --- a/apps/apps.c +++ b/apps/apps.c @@ -48,6 +48,8 @@ static int WIN32_rename(const char *from, const char *to); # define rename(from,to) WIN32_rename((from),(to)) #endif +#define PASS_SOURCE_SIZE_MAX 4 + typedef struct { const char *name; unsigned long flag; @@ -205,6 +207,7 @@ static char *app_get_pass(const char *arg, int keepbio) char *tmp, tpass[APP_PASS_LEN]; int i; + /* PASS_SOURCE_SIZE_MAX = max number of chars before ':' in below strings */ if (strncmp(arg, "pass:", 5) == 0) return OPENSSL_strdup(arg + 5); if (strncmp(arg, "env:", 4) == 0) { @@ -253,7 +256,16 @@ static char *app_get_pass(const char *arg, int keepbio) return NULL; } } else { - BIO_printf(bio_err, "Invalid password argument \"%s\"\n", arg); + /* argument syntax error; do not reveal too much about arg */ + tmp = strchr(arg, ':'); + if (tmp == NULL || tmp - arg > PASS_SOURCE_SIZE_MAX) + BIO_printf(bio_err, + "Invalid password argument, missing ':' within the first %d chars\n", + PASS_SOURCE_SIZE_MAX + 1); + else + BIO_printf(bio_err, + "Invalid password argument, starting with \"%.*s\"\n", + (int)(tmp - arg + 1), arg); return NULL; } } |