[openssl-commits] [openssl] master update
Rich Salz
rsalz at openssl.org
Tue Nov 15 23:47:11 UTC 2016
The branch master has been updated
via dfc3ffe50251463b4af7deeac3d407667f9050a3 (commit)
via 3a19b22ae11c1e18101197b9848745ab736d400f (commit)
from ebcb536858a271e8812fb9bbafbc0b825e5ece24 (commit)
- Log -----------------------------------------------------------------
commit dfc3ffe50251463b4af7deeac3d407667f9050a3
Author: FdaSilvaYY <fdasilvayy at gmail.com>
Date: Thu Sep 15 21:16:17 2016 +0200
Introduce PATH_MAX and NAME_MAX
to define the certificate filename storage buffer.
Reviewed-by: Richard Levitte <levitte at openssl.org>
Reviewed-by: Rich Salz <rsalz at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1569)
commit 3a19b22ae11c1e18101197b9848745ab736d400f
Author: FdaSilvaYY <fdasilvayy at gmail.com>
Date: Tue Aug 9 00:34:23 2016 +0200
Simplify and fix usage of the three-string array variable...
by using two separate local variables.
buf[1] was unused.
Reviewed-by: Richard Levitte <levitte at openssl.org>
Reviewed-by: Rich Salz <rsalz at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1569)
-----------------------------------------------------------------------
Summary of changes:
apps/ca.c | 44 ++++++++++++++++++++++++++------------------
1 file changed, 26 insertions(+), 18 deletions(-)
diff --git a/apps/ca.c b/apps/ca.c
index b6ab00a..b48788c 100644
--- a/apps/ca.c
+++ b/apps/ca.c
@@ -47,8 +47,14 @@
# define R_OK 4
#endif
-#undef BSIZE
-#define BSIZE 256
+#ifndef PATH_MAX
+# define PATH_MAX 4096
+#endif
+#ifndef NAME_MAX
+# define NAME_MAX 255
+#endif
+
+#define CERT_MAX (PATH_MAX + NAME_MAX)
#define BASE_SECTION "ca"
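Review bot: `CERT_MAX` is introduced without a comment saying what it bounds, although the later hunks size `new_cert` as `CERT_MAX + 1` and use the macro in the "certificate file name too long" guard. I would add `/* Longest accepted new-certificate path (outdir + separator + hex serial + ".pem"), not counting the NUL */` above the define. Whether `<limits.h>` or its equivalent is included before this point is not visible here; if it is not, the 4096/255 fallbacks are always used and the stack buffer is always about 4.3 KB, which deserves a brief mention in the same comment.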
@@ -246,7 +252,8 @@ int ca_main(int argc, char **argv)
const char *serialfile = NULL, *subj = NULL;
char *prog, *startdate = NULL, *enddate = NULL;
char *dbfile = NULL, *f, *randfile = NULL;
- char buf[3][BSIZE];
+ char new_cert[CERT_MAX + 1];
+ char tmp[10 + 1] = "\0";
char *const *pp;
const char *p;
int create_ser = 0, free_key = 0, total = 0, total_done = 0;
@@ -261,6 +268,8 @@ int ca_main(int argc, char **argv)
X509_REVOKED *r = NULL;
OPTION_CHOICE o;
+ new_cert[CERT_MAX] = '\0';
+
prog = opt_init(argc, argv, ca_options);
while ((o = opt_next()) != OPT_EOF) {
switch (o) {
@@ -950,14 +959,14 @@ end_of_options:
"\n%d out of %d certificate requests certified, commit? [y/n]",
total_done, total);
(void)BIO_flush(bio_err);
- buf[0][0] = '\0';
- if (!fgets(buf[0], 10, stdin)) {
+ tmp[0] = '\0';
+ if (fgets(tmp, sizeof(tmp), stdin) == NULL) {
BIO_printf(bio_err,
"CERTIFICATION CANCELED: I/O error\n");
ret = 0;
goto end;
}
- if ((buf[0][0] != 'y') && (buf[0][0] != 'Y')) {
+ if (tmp[0] != 'y' && tmp[0] != 'Y') {
BIO_printf(bio_err, "CERTIFICATION CANCELED\n");
ret = 0;
goto end;
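Review bot: A reply longer than the buffer is not drained after `fgets(tmp, sizeof(tmp), stdin)`, so the unread remainder of the line stays on stdin and is taken as the answer to the next prompt. The same pattern appears in the last hunk (`do_body`, "Sign the certificate? [y/n]:"), where an over-long reply could leave residue starting with `y` that this commit prompt then treats as confirmation. For a CA signing tool, a confirmation should come only from a fresh line, so both prompts should discard the rest of the line when no newline was read. The hunk begins and ends inside `ca_main`, so the surrounding flow should be checked before applying this.
```c
tmp[0] = '\0';
if (fgets(tmp, sizeof(tmp), stdin) == NULL) {
    /* … unchanged: I/O error report, ret = 0, goto end … */
}
/* Discard the rest of an over-long reply so it cannot answer a later prompt. */
if (strchr(tmp, '\n') == NULL) {
    int c;

    while ((c = getchar()) != EOF && c != '\n')
        continue;
}
```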
@@ -987,24 +996,23 @@ end_of_options:
j = ASN1_STRING_length(serialNumber);
p = (const char *)ASN1_STRING_get0_data(serialNumber);
- if (strlen(outdir) >= (size_t)(j ? BSIZE - j * 2 - 6 : BSIZE - 8)) {
+ if (strlen(outdir) >= (size_t)(j ? CERT_MAX - j * 2 - 6 : CERT_MAX - 8)) {
BIO_printf(bio_err, "certificate file name too long\n");
goto end;
}
- strcpy(buf[2], outdir);
-
+ strcpy(new_cert, outdir);
#ifndef OPENSSL_SYS_VMS
- OPENSSL_strlcat(buf[2], "/", sizeof(buf[2]));
+ OPENSSL_strlcat(new_cert, "/", sizeof(new_cert));
#endif
- n = (char *)&(buf[2][strlen(buf[2])]);
+ n = (char *)&(new_cert[strlen(new_cert)]);
if (j > 0) {
for (k = 0; k < j; k++) {
- if (n >= &(buf[2][sizeof(buf[2])]))
+ if (n >= &(new_cert[sizeof(new_cert)]))
break;
BIO_snprintf(n,
- &buf[2][0] + sizeof(buf[2]) - n,
+ &new_cert[0] + sizeof(new_cert) - n,
"%02X", (unsigned char)*(p++));
n += 2;
}
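Review bot: The length guard at the top of this hunk still does its arithmetic in signed `int` and only then casts to `size_t`. If `j` (from `ASN1_STRING_length`) ever exceeded roughly `CERT_MAX / 2`, `CERT_MAX - j * 2 - 6` would go negative, the cast would make it huge, and the check would pass for any `outdir`, leaving the unbounded `strcpy(new_cert, outdir)` unprotected. Whether a serial that long can reach this point is not visible in the hunk, so this is defence in depth: reject the serial first with `if (j < 0 || j > (CERT_MAX - 8) / 2) goto end;` and copy with `if (OPENSSL_strlcpy(new_cert, outdir, sizeof(new_cert)) >= sizeof(new_cert)) goto end;`. The hex loop has its own end-of-buffer test, but the suffix bytes written after it (visible as `*(n++) = 'm';` in the next hunk's context) rely entirely on this guard. The enclosing block of `ca_main` starts and ends outside the hunk.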
@@ -1018,11 +1026,11 @@ end_of_options:
*(n++) = 'm';
*n = '\0';
if (verbose)
- BIO_printf(bio_err, "writing %s\n", buf[2]);
+ BIO_printf(bio_err, "writing %s\n", new_cert);
- Cout = BIO_new_file(buf[2], "w");
+ Cout = BIO_new_file(new_cert, "w");
if (Cout == NULL) {
- perror(buf[2]);
+ perror(new_cert);
goto end;
}
write_new_certificate(Cout, x, 0, notext);
@@ -1796,13 +1804,13 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509,
BIO_printf(bio_err, "Sign the certificate? [y/n]:");
(void)BIO_flush(bio_err);
buf[0] = '\0';
- if (!fgets(buf, sizeof(buf) - 1, stdin)) {
+ if (fgets(buf, sizeof(buf), stdin) == NULL) {
BIO_printf(bio_err,
"CERTIFICATE WILL NOT BE CERTIFIED: I/O error\n");
ok = 0;
goto end;
}
- if (!((buf[0] == 'y') || (buf[0] == 'Y'))) {
+ if (!(buf[0] == 'y' || buf[0] == 'Y')) {
BIO_printf(bio_err, "CERTIFICATE WILL NOT BE CERTIFIED\n");
ok = 0;
goto end;