From 54a656ef081f72a740c550ebd8099b40b8b5cde0 Mon Sep 17 00:00:00 2001
From: Ben Laurie
Date: Wed, 13 Nov 2002 15:43:43 +0000
Subject: Security fixes brought forward from 0.9.7.
---
 crypto/rand/rand_egd.c | 2 +-
 crypto/rand/randfile.c | 5 +++--
 2 files changed, 4 insertions(+), 3 deletions(-)
(limited to 'crypto/rand')
diff --git a/crypto/rand/rand_egd.c b/crypto/rand/rand_egd.c
index 53a726e1aa..1f168221e3 100644
--- a/crypto/rand/rand_egd.c
+++ b/crypto/rand/rand_egd.c
@@ -143,7 +143,7 @@ int RAND_query_egd_bytes(const char *path, unsigned char *buf, int bytes)
 memset(&addr, 0, sizeof(addr));
 addr.sun_family = AF_UNIX;
- if (strlen(path) > sizeof(addr.sun_path))
+ if (strlen(path) >= sizeof(addr.sun_path))
 return (-1);
 strcpy(addr.sun_path,path);
 len = offsetof(struct sockaddr_un, sun_path) + strlen(path);
diff --git a/crypto/rand/randfile.c b/crypto/rand/randfile.c
index 982074c465..7c2673a61f 100644
--- a/crypto/rand/randfile.c
+++ b/crypto/rand/randfile.c
@@ -203,8 +203,9 @@ const char *RAND_file_name(char *buf, size_t size)
 s=getenv("RANDFILE");
 if (s != NULL)
 {
- strncpy(buf,s,size-1);
- buf[size-1]='\0';
+ if(strlen(s) >= size)
+ return NULL;
+ strcpy(buf,s);
 ret=buf;
 }
 else
-- 
cgit v1.2.3
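Review bot: The bound check and the `strcpy` into `addr.sun_path` in the rand_egd.c hunk are linked only by sitting on adjacent lines, and the length of `path` is walked three times (the check, the copy, and the `len` computation). Taking the length once into a local declared with the others, e.g. `size_t plen = strlen(path);`, then `if (plen >= sizeof(addr.sun_path)) return (-1);` and `memcpy(addr.sun_path, path, plen + 1);`, makes the size that was checked and the size that is copied the same value. The RAND_file_name hunk in crypto/rand/randfile.c has the same check-then-`strcpy` shape and would benefit the same way. A short comment such as `/* >= : sun_path must also hold the terminating NUL */` would record why the comparison is not `>`. RAND_query_egd_bytes starts and ends outside the hunk.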
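Review bot: The early `return NULL` added for an over-long RANDFILE value in the randfile.c hunk is a caller-visible change that nothing in the hunk documents: the old lines returned a silently truncated name, while the new ones fail and leave the function without reaching the `else` branch. A comment above the check such as `/* RANDFILE does not fit in buf: fail rather than return a truncated, different file name */` would record the intent, and callers that hand the result to file routines have to handle NULL. The value is taken from `getenv` with no privilege check visible in the hunk, so it is worth confirming in the surrounding code that set-user-ID or set-group-ID programs do not act on it. RAND_file_name starts and ends outside the hunk.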