From f6c460e8f69e90fdb87129bb70951ced89c7906f Mon Sep 17 00:00:00 2001 From: FdaSilvaYY Date: Mon, 9 May 2016 18:42:58 +0200 Subject: [PATCH] Fix double calls to strlen Reviewed-by: Matt Caswell Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/1284) --- apps/ca.c | 13 +++++++------ apps/enc.c | 6 ++++-- apps/passwd.c | 22 +++++++++++++++------- 3 files changed, 26 insertions(+), 15 deletions(-) diff --git a/apps/ca.c b/apps/ca.c index 444e454df8..91006cf97c 100644 --- a/apps/ca.c +++ b/apps/ca.c @@ -2137,27 +2137,28 @@ static int get_certificate_status(const char *serial, CA_DB *db) { char *row[DB_NUMBER], **rrow; int ok = -1, i; + size_t serial_len = strlen(serial); /* Free Resources */ for (i = 0; i < DB_NUMBER; i++) row[i] = NULL; /* Malloc needed char spaces */ - row[DB_serial] = app_malloc(strlen(serial) + 2, "row serial#"); + row[DB_serial] = app_malloc(serial_len + 2, "row serial#"); - if (strlen(serial) % 2) { + if (serial_len % 2) { /* * Set the first char to 0 */ ; row[DB_serial][0] = '0'; /* Copy String from serial to row[DB_serial] */ - memcpy(row[DB_serial] + 1, serial, strlen(serial)); - row[DB_serial][strlen(serial) + 1] = '\0'; + memcpy(row[DB_serial] + 1, serial, serial_len); + row[DB_serial][serial_len + 1] = '\0'; } else { /* Copy String from serial to row[DB_serial] */ - memcpy(row[DB_serial], serial, strlen(serial)); - row[DB_serial][strlen(serial)] = '\0'; + memcpy(row[DB_serial], serial, serial_len); + row[DB_serial][serial_len] = '\0'; } /* Make it Upper Case */ diff --git a/apps/enc.c b/apps/enc.c index 403d14e800..10ab15af27 100644 --- a/apps/enc.c +++ b/apps/enc.c @@ -382,6 +382,8 @@ int enc_main(int argc, char **argv) * output BIO. If decrypting read salt from input BIO. */ unsigned char *sptr; + size_t str_len = strlen(str); + if (nosalt) sptr = NULL; else { @@ -421,7 +423,7 @@ int enc_main(int argc, char **argv) if (!EVP_BytesToKey(cipher, dgst, sptr, (unsigned char *)str, - strlen(str), 1, key, iv)) { + str_len, 1, key, iv)) { BIO_printf(bio_err, "EVP_BytesToKey failed\n"); goto end; } @@ -432,7 +434,7 @@ int enc_main(int argc, char **argv) if (str == strbuf) OPENSSL_cleanse(str, SIZE); else - OPENSSL_cleanse(str, strlen(str)); + OPENSSL_cleanse(str, str_len); } if (hiv != NULL) { int siz = EVP_CIPHER_iv_length(cipher); diff --git a/apps/passwd.c b/apps/passwd.c index 8404d8cc7a..3ae8f96471 100644 --- a/apps/passwd.c +++ b/apps/passwd.c @@ -288,26 +288,35 @@ static char *md5crypt(const char *passwd, const char *magic, const char *salt) int n; unsigned int i; EVP_MD_CTX *md = NULL, *md2 = NULL; - size_t passwd_len, salt_len; + size_t passwd_len, salt_len, magic_len; passwd_len = strlen(passwd); out_buf[0] = '$'; out_buf[1] = 0; - assert(strlen(magic) <= 4); /* "1" or "apr1" */ + magic_len = strlen(magic); + + if (magic_len > 4) /* assert it's "1" or "apr1" */ + return NULL; + OPENSSL_strlcat(out_buf, magic, sizeof out_buf); OPENSSL_strlcat(out_buf, "$", sizeof out_buf); OPENSSL_strlcat(out_buf, salt, sizeof out_buf); - assert(strlen(out_buf) <= 6 + 8); /* "$apr1$..salt.." */ - salt_out = out_buf + 2 + strlen(magic); + + if (strlen(out_buf) > 6 + 8); /* assert "$apr1$..salt.." */ + return NULL; + + salt_out = out_buf + 2 + magic_len; salt_len = strlen(salt_out); - assert(salt_len <= 8); + + if (salt_len > 8) + return NULL; md = EVP_MD_CTX_new(); if (md == NULL || !EVP_DigestInit_ex(md, EVP_md5(), NULL) || !EVP_DigestUpdate(md, passwd, passwd_len) || !EVP_DigestUpdate(md, "$", 1) - || !EVP_DigestUpdate(md, magic, strlen(magic)) + || !EVP_DigestUpdate(md, magic, magic_len) || !EVP_DigestUpdate(md, "$", 1) || !EVP_DigestUpdate(md, salt_out, salt_len)) @@ -365,7 +374,6 @@ static char *md5crypt(const char *passwd, const char *magic, const char *salt) { /* transform buf into output string */ - unsigned char buf_perm[sizeof buf]; int dest, source; char *output; -- 2.25.1