author | Pauli <paul.dale@oracle.com> | 2017-07-06 14:56:20 +1000 |
---|---|---|
committer | Pauli <paul.dale@oracle.com> | 2017-07-07 15:45:55 +1000 |
commit | a2371fa93365cc0bc0e46b9d65f3a47a074b1c30 (patch) | |
tree | c4751256bc9a1e3d2b20bad3becd6b17aec2c9f4 /crypto/conf | |
parent | a7ff57965b81ce4fd73a18266ce29abf6b909fdb (diff) |
Trivial bounds checking.
Bounds checking strcpy, strcat and sprintf.
These are the remaining easy ones to cover a recently removed commit.
Some are trivial, some have been modified and a couple left as they are because the reverted change didn't bounds check properly.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3871)
Diffstat (limited to 'crypto/conf')
-rw-r--r-- | crypto/conf/conf_def.c | 27 | ||||
-rw-r--r-- | crypto/conf/conf_mod.c | 15 |
2 files changed, 20 insertions, 22 deletions
diff --git a/crypto/conf/conf_def.c b/crypto/conf/conf_def.c index 78acdec4f6..65eca6558b 100644 --- a/crypto/conf/conf_def.c +++ b/crypto/conf/conf_def.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -317,13 +317,12 @@ static int def_load_bio(CONF *conf, BIO *in, long *line) } if (psection == NULL) psection = section; - v->name = OPENSSL_malloc(strlen(pname) + 1); + v->name = OPENSSL_strdup(pname); v->value = NULL; if (v->name == NULL) { CONFerr(CONF_F_DEF_LOAD_BIO, ERR_R_MALLOC_FAILURE); goto err; } - strcpy(v->name, pname); if (!str_copy(conf, psection, &(v->value), start)) goto err; @@ -347,13 +346,13 @@ static int def_load_bio(CONF *conf, BIO *in, long *line) } BUF_MEM_free(buff); OPENSSL_free(section); - return (1); + return 1; err: BUF_MEM_free(buff); OPENSSL_free(section); if (line != NULL) *line = eline; - sprintf(btmp, "%ld", eline); + BIO_snprintf(btmp, sizeof(btmp), "%ld", eline); ERR_add_error_data(2, "line ", btmp); if (h != conf->data) { CONF_free(conf->data); @@ -364,7 +363,7 @@ static int def_load_bio(CONF *conf, BIO *in, long *line) OPENSSL_free(v->value); OPENSSL_free(v); } - return (0); + return 0; } static void clear_comments(CONF *conf, char *p) @@ -411,7 +410,7 @@ static int str_copy(CONF *conf, char *section, char **pto, char *from) BUF_MEM *buf; if ((buf = BUF_MEM_new()) == NULL) - return (0); + return 0; len = strlen(from) + 1; if (!BUF_MEM_grow(buf, len)) 
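Review bot: The result of `BIO_snprintf` is discarded in the `err:` path of def_load_bio (the -347 hunk), and the same holds for the `rcode` call in module_run and the path build in CONF_get1_default_config_file in conf_mod.c. BIO_snprintf signals truncation by returning -1, so the new bound stops an overflow but a buffer that is too small would go unnoticed. For `btmp` and `rcode` this looks harmless because the buffers appear to be sized for the value's type, though `btmp` is declared outside the hunk, so `sizeof(btmp)` being an array size rather than a pointer size is assumed here. For the config file path a truncated name would be returned to the caller as if it were valid, so that call should test the result for `< 0` and on failure do `OPENSSL_free(file);` and `return NULL;`.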
@@ -551,17 +550,17 @@ static int str_copy(CONF *conf, char *section, char **pto, char *from) OPENSSL_free(*pto); *pto = buf->data; OPENSSL_free(buf); - return (1); + return 1; err: BUF_MEM_free(buf); - return (0); + return 0; } static char *eat_ws(CONF *conf, char *p) { while (IS_WS(conf, *p) && (!IS_EOF(conf, *p))) p++; - return (p); + return p; } static char *eat_alpha_numeric(CONF *conf, char *p) @@ -572,7 +571,7 @@ static char *eat_alpha_numeric(CONF *conf, char *p) continue; } if (!IS_ALPHA_NUMERIC_PUNCT(conf, *p)) - return (p); + return p; p++; } } @@ -586,13 +585,13 @@ static char *scan_quote(CONF *conf, char *p) if (IS_ESC(conf, *p)) { p++; if (IS_EOF(conf, *p)) - return (p); + return p; } p++; } if (*p == q) p++; - return (p); + return p; } static char *scan_dquote(CONF *conf, char *p) @@ -612,7 +611,7 @@ static char *scan_dquote(CONF *conf, char *p) } if (*p == q) p++; - return (p); + return p; } static void dump_value_doall_arg(const CONF_VALUE *a, BIO *out) diff --git a/crypto/conf/conf_mod.c b/crypto/conf/conf_mod.c index 33a96980bb..932c69d7b7 100644 --- a/crypto/conf/conf_mod.c +++ b/crypto/conf/conf_mod.c @@ -1,5 +1,5 @@ /* - * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2002-2017 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -170,8 +170,9 @@ static int module_run(const CONF *cnf, const char *name, const char *value, if (ret <= 0) { if (!(flags & CONF_MFLAGS_SILENT)) { char rcode[DECIMAL_SIZE(ret) + 1]; + CONFerr(CONF_F_MODULE_RUN, CONF_R_MODULE_INITIALIZATION_ERROR); - sprintf(rcode, "%-8d", ret); + BIO_snprintf(rcode, sizeof(rcode), "%-8d", ret); ERR_add_error_data(6, "module=", name, ", value=", value, ", retcode=", rcode); } 
@@ -475,7 +476,7 @@ void CONF_module_set_usr_data(CONF_MODULE *pmod, void *usr_data) char *CONF_get1_default_config_file(void) { - char *file; + char *file, *sep = ""; int len; file = getenv("OPENSSL_CONF"); @@ -485,6 +486,7 @@ char *CONF_get1_default_config_file(void) len = strlen(X509_get_default_cert_area()); #ifndef OPENSSL_SYS_VMS len++; + sep = "/"; #endif len += strlen(OPENSSL_CONF); @@ -492,11 +494,8 @@ char *CONF_get1_default_config_file(void) if (file == NULL) return NULL; - strcpy(file, X509_get_default_cert_area()); -#ifndef OPENSSL_SYS_VMS - strcat(file, "/"); -#endif - strcat(file, OPENSSL_CONF); + BIO_snprintf(file, len + 1, "%s%s%s", X509_get_default_cert_area(), + sep, OPENSSL_CONF); return file; } |
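Review bot: `sep` is declared as plain `char *` in CONF_get1_default_config_file although it only ever points at the string literals `""` and `"/"`; it should be `const char *sep = "";` on its own declaration line, so that a later write through it fails to compile. Separately, `len` remains an `int` that accumulates `strlen()` results and is then passed as the size bound `len + 1`; declaring it `size_t len;` would avoid the narrowing and the signed-to-unsigned conversion at the call. The allocation that `len + 1` has to match lies between the hunks and is not visible here.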