Trivial bounds checking.

Bounds checking strpy, strcat and sprintf. These are the remaining easy ones to cover a recently removed commit. Some are trivial, some have been modified and a couple left as they are because the reverted change didn't bounds check properly. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3871)
author: Pauli <paul.dale@oracle.com> 2017-07-06 14:56:20 +1000
committer: Pauli <paul.dale@oracle.com> 2017-07-07 15:45:55 +1000
commit: a2371fa93365cc0bc0e46b9d65f3a47a074b1c30 (patch)
tree: c4751256bc9a1e3d2b20bad3becd6b17aec2c9f4 /crypto/conf
parent: a7ff57965b81ce4fd73a18266ce29abf6b909fdb (diff)
2 files changed, 20 insertions, 22 deletions
diff --git a/crypto/conf/conf_def.c b/crypto/conf/conf_def.c
index 78acdec4f6..65eca6558b 100644
--- a/crypto/conf/conf_def.c
+++ b/crypto/conf/conf_def.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -317,13 +317,12 @@ static int def_load_bio(CONF *conf, BIO *in, long *line)
             }
             if (psection == NULL)
                 psection = section;
-            v->name = OPENSSL_malloc(strlen(pname) + 1);
+            v->name = OPENSSL_strdup(pname);
             v->value = NULL;
             if (v->name == NULL) {
                 CONFerr(CONF_F_DEF_LOAD_BIO, ERR_R_MALLOC_FAILURE);
                 goto err;
             }
-            strcpy(v->name, pname);
             if (!str_copy(conf, psection, &(v->value), start))
                 goto err;
 
@@ -347,13 +346,13 @@ static int def_load_bio(CONF *conf, BIO *in, long *line)
     }
     BUF_MEM_free(buff);
     OPENSSL_free(section);
-    return (1);
+    return 1;
  err:
     BUF_MEM_free(buff);
     OPENSSL_free(section);
     if (line != NULL)
         *line = eline;
-    sprintf(btmp, "%ld", eline);
+    BIO_snprintf(btmp, sizeof(btmp), "%ld", eline);
     ERR_add_error_data(2, "line ", btmp);
     if (h != conf->data) {
         CONF_free(conf->data);
@@ -364,7 +363,7 @@ static int def_load_bio(CONF *conf, BIO *in, long *line)
         OPENSSL_free(v->value);
         OPENSSL_free(v);
     }
-    return (0);
+    return 0;
 }
 
 static void clear_comments(CONF *conf, char *p)
@@ -411,7 +410,7 @@ static int str_copy(CONF *conf, char *section, char **pto, char *from)
     BUF_MEM *buf;
 
     if ((buf = BUF_MEM_new()) == NULL)
-        return (0);
+        return 0;
 
     len = strlen(from) + 1;
     if (!BUF_MEM_grow(buf, len))
@@ -551,17 +550,17 @@ static int str_copy(CONF *conf, char *section, char **pto, char *from)
     OPENSSL_free(*pto);
     *pto = buf->data;
     OPENSSL_free(buf);
-    return (1);
+    return 1;
  err:
     BUF_MEM_free(buf);
-    return (0);
+    return 0;
 }
 
 static char *eat_ws(CONF *conf, char *p)
 {
     while (IS_WS(conf, *p) && (!IS_EOF(conf, *p)))
         p++;
-    return (p);
+    return p;
 }
 
 static char *eat_alpha_numeric(CONF *conf, char *p)
@@ -572,7 +571,7 @@ static char *eat_alpha_numeric(CONF *conf, char *p)
             continue;
         }
         if (!IS_ALPHA_NUMERIC_PUNCT(conf, *p))
-            return (p);
+            return p;
         p++;
     }
 }
@@ -586,13 +585,13 @@ static char *scan_quote(CONF *conf, char *p)
         if (IS_ESC(conf, *p)) {
             p++;
             if (IS_EOF(conf, *p))
-                return (p);
+                return p;
         }
         p++;
     }
     if (*p == q)
         p++;
-    return (p);
+    return p;
 }
 
 static char *scan_dquote(CONF *conf, char *p)
@@ -612,7 +611,7 @@ static char *scan_dquote(CONF *conf, char *p)
     }
     if (*p == q)
         p++;
-    return (p);
+    return p;
 }
 
 static void dump_value_doall_arg(const CONF_VALUE *a, BIO *out)
diff --git a/crypto/conf/conf_mod.c b/crypto/conf/conf_mod.c
index 33a96980bb..932c69d7b7 100644
--- a/crypto/conf/conf_mod.c
+++ b/crypto/conf/conf_mod.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2002-2017 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -170,8 +170,9 @@ static int module_run(const CONF *cnf, const char *name, const char *value,
     if (ret <= 0) {
         if (!(flags & CONF_MFLAGS_SILENT)) {
             char rcode[DECIMAL_SIZE(ret) + 1];
+
             CONFerr(CONF_F_MODULE_RUN, CONF_R_MODULE_INITIALIZATION_ERROR);
-            sprintf(rcode, "%-8d", ret);
+            BIO_snprintf(rcode, sizeof(rcode), "%-8d", ret);
             ERR_add_error_data(6, "module=", name, ", value=", value,
                                ", retcode=", rcode);
         }
@@ -475,7 +476,7 @@ void CONF_module_set_usr_data(CONF_MODULE *pmod, void *usr_data)
 
 char *CONF_get1_default_config_file(void)
 {
-    char *file;
+    char *file, *sep = "";
     int len;
 
     file = getenv("OPENSSL_CONF");
@@ -485,6 +486,7 @@ char *CONF_get1_default_config_file(void)
     len = strlen(X509_get_default_cert_area());
 #ifndef OPENSSL_SYS_VMS
     len++;
+    sep = "/";
 #endif
     len += strlen(OPENSSL_CONF);
 
@@ -492,11 +494,8 @@ char *CONF_get1_default_config_file(void)
 
     if (file == NULL)
         return NULL;
-    strcpy(file, X509_get_default_cert_area());
-#ifndef OPENSSL_SYS_VMS
-    strcat(file, "/");
-#endif
-    strcat(file, OPENSSL_CONF);
+    BIO_snprintf(file, len + 1, "%s%s%s", X509_get_default_cert_area(),
+                 sep, OPENSSL_CONF);
 
     return file;
 }
author	Pauli <paul.dale@oracle.com>	2017-07-06 14:56:20 +1000
committer	Pauli <paul.dale@oracle.com>	2017-07-07 15:45:55 +1000
commit	a2371fa93365cc0bc0e46b9d65f3a47a074b1c30 (patch)
tree	c4751256bc9a1e3d2b20bad3becd6b17aec2c9f4 /crypto/conf
parent	a7ff57965b81ce4fd73a18266ce29abf6b909fdb (diff)