From: Dr. Stephen Henson Date: Fri, 4 Apr 2014 11:44:43 +0000 (+0100) Subject: Use correct length when prompting for password. X-Git-Tag: OpenSSL_1_0_1g~9 X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=f54167d1dcfb0dac8172c48c9dc0f9af4ece3ec1;p=oweals%2Fopenssl.git Use correct length when prompting for password. Use bufsiz - 1 not BUFSIZ - 1 when prompting for a password in the openssl utility. Thanks to Rob Mackinnon, Leviathan Security for reporting this issue. (cherry picked from commit 7ba08a4d73c1bdfd3aced09a628b1d7d7747cdca) --- diff --git a/apps/apps.c b/apps/apps.c index 8a6a9a29a7..b76db10a5e 100644 --- a/apps/apps.c +++ b/apps/apps.c @@ -586,12 +586,12 @@ int password_callback(char *buf, int bufsiz, int verify, if (ok >= 0) ok = UI_add_input_string(ui,prompt,ui_flags,buf, - PW_MIN_LENGTH,BUFSIZ-1); + PW_MIN_LENGTH,bufsiz-1); if (ok >= 0 && verify) { buff = (char *)OPENSSL_malloc(bufsiz); ok = UI_add_verify_string(ui,prompt,ui_flags,buff, - PW_MIN_LENGTH,BUFSIZ-1, buf); + PW_MIN_LENGTH,bufsiz-1, buf); } if (ok >= 0) do