projects
/
oweals
/
openssl.git
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
| inline |
side by side
(parent:
6042582
)
Use correct length when prompting for password.
author
Dr. Stephen Henson
<steve@openssl.org>
Fri, 4 Apr 2014 11:44:43 +0000
(12:44 +0100)
committer
Dr. Stephen Henson
<steve@openssl.org>
Fri, 4 Apr 2014 12:07:17 +0000
(13:07 +0100)
Use bufsiz - 1 not BUFSIZ - 1 when prompting for a password in
the openssl utility.
Thanks to Rob Mackinnon, Leviathan Security for reporting this issue.
(cherry picked from commit
7ba08a4d73c1bdfd3aced09a628b1d7d7747cdca
)
apps/apps.c
patch
|
blob
|
history
diff --git
a/apps/apps.c
b/apps/apps.c
index 8a6a9a29a7cd6721d65fb8a604a1cdf321e17b16..b76db10a5e5b3140a9bd2d6429e6cbf9b79b3d56 100644
(file)
--- a/
apps/apps.c
+++ b/
apps/apps.c
@@
-586,12
+586,12
@@
int password_callback(char *buf, int bufsiz, int verify,
if (ok >= 0)
ok = UI_add_input_string(ui,prompt,ui_flags,buf,
- PW_MIN_LENGTH,
BUFSIZ
-1);
+ PW_MIN_LENGTH,
bufsiz
-1);
if (ok >= 0 && verify)
{
buff = (char *)OPENSSL_malloc(bufsiz);
ok = UI_add_verify_string(ui,prompt,ui_flags,buff,
- PW_MIN_LENGTH,
BUFSIZ
-1, buf);
+ PW_MIN_LENGTH,
bufsiz
-1, buf);
}
if (ok >= 0)
do