[openssl-commits] [openssl] master update
Richard Levitte
levitte at openssl.org
Wed Feb 28 17:46:06 UTC 2018
The branch master has been updated
via 6f007824adc40d629e6ad1317d4184ca8bb967fc (commit)
via c7702e077da512ba47f25424f24c11bd0c394bc0 (commit)
via 555c94a0db9661428da0a45cb32b9f002324eefd (commit)
from 946ec58448d664c10ee05c1c8d3c2a3915c9d5f5 (commit)
- Log -----------------------------------------------------------------
commit 6f007824adc40d629e6ad1317d4184ca8bb967fc
Author: Paul Yang <yang.yang at baishancloud.com>
Date: Tue Feb 27 10:47:16 2018 +0800
Fix the type of -out option
Reviewed-by: Matt Caswell <matt at openssl.org>
Reviewed-by: Richard Levitte <levitte at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3709)
commit c7702e077da512ba47f25424f24c11bd0c394bc0
Author: Paul Yang <yang.yang at baishancloud.com>
Date: Tue Feb 13 20:15:34 2018 +0800
Add test cases for this -out option check
Reviewed-by: Matt Caswell <matt at openssl.org>
Reviewed-by: Richard Levitte <levitte at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3709)
commit 555c94a0db9661428da0a45cb32b9f002324eefd
Author: Paul Yang <yang.yang at baishancloud.com>
Date: Wed Jun 21 23:02:12 2017 +0800
Check directory is able to create files for various -out option
This is to address issue #3404, only works in Unix-like platforms
Reviewed-by: Matt Caswell <matt at openssl.org>
Reviewed-by: Richard Levitte <levitte at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3709)
-----------------------------------------------------------------------
Summary of changes:
apps/apps.c | 67 +++++++++++++++++++++++++++++++++++++++
apps/apps.h | 1 +
apps/genrsa.c | 2 +-
apps/opt.c | 41 +++++++++++++++++++++---
apps/sess_id.c | 2 +-
test/recipes/15-test_out_option.t | 60 +++++++++++++++++++++++++++++++++++
6 files changed, 166 insertions(+), 7 deletions(-)
create mode 100644 test/recipes/15-test_out_option.t
diff --git a/apps/apps.c b/apps/apps.c
index 0438bdb..3b713f4 100644
--- a/apps/apps.c
+++ b/apps/apps.c
@@ -2340,6 +2340,73 @@ int app_isdir(const char *name)
}
#endif
+/* app_dirname section */
+
+/*
+ * This exactly follows what POSIX's
+ * dirname does, but is implemented
+ * in a more platform independent way.
+ *
+ * path dirname
+ * /usr/lib /usr
+ * /usr/ /
+ * usr .
+ * / /
+ * . .
+ * .. .
+ * "" .
+ *
+ * Note: this function also keeps the
+ * possibility of modifying the 'path'
+ * string same as POSIX dirname.
+ */
+static char *posix_dirname(char *path)
+{
+ size_t l;
+ char *ret = ".";
+
+ l = strlen(path);
+ if (l == 0)
+ goto out;
+ if (strcmp(path, ".") == 0)
+ goto out;
+ if (strcmp(path, "..") == 0)
+ goto out;
+ if (strcmp(path, "/") == 0) {
+ ret = "/";
+ goto out;
+ }
+ if (path[l - 1] == '/') {
+ /* /usr/ */
+ path[l - 1] = '\0';
+ }
+ if ((ret = strrchr(path, '/')) == NULL) {
+ /* usr */
+ ret = ".";
+ } else if (ret == path) {
+ /* /usr */
+ *++ret = '\0';
+ ret = path;
+ } else {
+ /* /usr/lib */
+ *ret = '\0';
+ ret = path;
+ }
+ out:
+ return ret;
+}
+
+/*
+ * TODO: implement app_dirname for Windows
+ * and VMS.
+ */
+#if !defined(_WIN32) && !defined(__VMS)
+char *app_dirname(char *path)
+{
+ return posix_dirname(path);
+}
+#endif
+
/* raw_read|write section */
#if defined(__VMS)
# include "vms_term_sock.h"
diff --git a/apps/apps.h b/apps/apps.h
index daaef36..3086f09 100644
--- a/apps/apps.h
+++ b/apps/apps.h
@@ -594,6 +594,7 @@ void store_setup_crl_download(X509_STORE *st);
int app_isdir(const char *);
int app_access(const char *, int flag);
+char *app_dirname(char *path);
int fileno_stdin(void);
int fileno_stdout(void);
int raw_read_stdin(void *, int);
diff --git a/apps/genrsa.c b/apps/genrsa.c
index 464657c..2bc8fa0 100644
--- a/apps/genrsa.c
+++ b/apps/genrsa.c
@@ -44,7 +44,7 @@ const OPTIONS genrsa_options[] = {
{"3", OPT_3, '-', "Use 3 for the E value"},
{"F4", OPT_F4, '-', "Use F4 (0x10001) for the E value"},
{"f4", OPT_F4, '-', "Use F4 (0x10001) for the E value"},
- {"out", OPT_OUT, 's', "Output the key to specified file"},
+ {"out", OPT_OUT, '>', "Output the key to specified file"},
OPT_R_OPTIONS,
{"passout", OPT_PASSOUT, 's', "Output file pass phrase source"},
{"", OPT_CIPHER, '-', "Encrypt the output with any supported cipher"},
diff --git a/apps/opt.c b/apps/opt.c
index a9d163a..a47451c 100644
--- a/apps/opt.c
+++ b/apps/opt.c
@@ -613,13 +613,17 @@ int opt_verify(int opt, X509_VERIFY_PARAM *vpm)
*/
int opt_next(void)
{
- char *p;
+ char *p, *estr;
const OPTIONS *o;
int ival;
long lval;
unsigned long ulval;
ossl_intmax_t imval;
ossl_uintmax_t umval;
+#if !defined(_WIN32) && !defined(__VMS)
+ char *c;
+ int oerrno;
+#endif
/* Look at current arg; at end of the list? */
arg = NULL;
@@ -676,13 +680,13 @@ int opt_next(void)
/* Just a string. */
break;
case '/':
- if (app_isdir(arg) >= 0)
+ if (app_isdir(arg) > 0)
break;
BIO_printf(bio_err, "%s: Not a directory: %s\n", prog, arg);
return -1;
case '<':
/* Input file. */
- if (strcmp(arg, "-") == 0 || app_access(arg, R_OK) >= 0)
+ if (strcmp(arg, "-") == 0 || app_access(arg, R_OK) == 0)
break;
BIO_printf(bio_err,
"%s: Cannot open input file %s, %s\n",
@@ -690,11 +694,38 @@ int opt_next(void)
return -1;
case '>':
/* Output file. */
- if (strcmp(arg, "-") == 0 || app_access(arg, W_OK) >= 0 || errno == ENOENT)
+#if !defined(_WIN32) && !defined(__VMS)
+ c = OPENSSL_strdup(arg);
+ if (c == NULL) {
+ BIO_printf(bio_err,
+ "%s: Memory allocation failure\n", prog);
+ return -1;
+ }
+ oerrno = errno;
+ errno = 0;
+ if (strcmp(arg, "-") == 0
+ || (app_access(app_dirname(c), W_OK) == 0
+ && app_isdir(arg) <= 0
+ && (app_access(arg, W_OK) == 0 || errno == ENOENT))) {
+ OPENSSL_free(c);
break;
+ }
+ OPENSSL_free(c);
+ if (errno == 0)
+ /* only possible if 'arg' is a directory */
+ estr = "is a directory";
+ else
+ estr = strerror(errno);
+ errno = oerrno;
+#else
+ if (strcmp(arg, "-") == 0 || app_access(arg, W_OK) == 0
+ || errno == ENOENT)
+ break;
+ estr = strerror(errno);
+#endif
BIO_printf(bio_err,
"%s: Cannot open output file %s, %s\n",
- prog, arg, strerror(errno));
+ prog, arg, estr);
return -1;
case 'p':
case 'n':
diff --git a/apps/sess_id.c b/apps/sess_id.c
index 70966de..8fd584f 100644
--- a/apps/sess_id.c
+++ b/apps/sess_id.c
@@ -30,7 +30,7 @@ const OPTIONS sess_id_options[] = {
{"outform", OPT_OUTFORM, 'f',
"Output format - default PEM (PEM, DER or NSS)"},
{"in", OPT_IN, 's', "Input file - default stdin"},
- {"out", OPT_OUT, 's', "Output file - default stdout"},
+ {"out", OPT_OUT, '>', "Output file - default stdout"},
{"text", OPT_TEXT, '-', "Print ssl session id details"},
{"cert", OPT_CERT, '-', "Output certificate "},
{"noout", OPT_NOOUT, '-', "Don't output the encoded session info"},
diff --git a/test/recipes/15-test_out_option.t b/test/recipes/15-test_out_option.t
new file mode 100644
index 0000000..1b9c40d
--- /dev/null
+++ b/test/recipes/15-test_out_option.t
@@ -0,0 +1,60 @@
+#! /usr/bin/env perl
+# Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License"). You may not use
+# this file except in compliance with the License. You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+use strict;
+use warnings;
+
+use File::Spec;
+use OpenSSL::Test qw/:DEFAULT srctop_file/;
+use OpenSSL::Test::Utils;
+
+setup("test_out_option");
+
+plan skip_all => "'-out' option tests are not available on Windows or VMS"
+ if $^O =~ /^(VMS|MSWin32)$/;
+
+plan tests => 11;
+
+# The following patterns should be tested:
+#
+# path dirname
+# /usr/ /
+# / /
+# . .
+# .. .
+
+test_illegal_path('/usr/');
+test_illegal_path('/');
+test_illegal_path('.');
+test_illegal_path('..');
+
+# Test for trying to create a file in a non-exist directory
+my @chars = ("A".."Z", "a".."z", "0".."9");
+my $rand_path = $chars[rand @chars] for 1..32;
+$rand_path .= "/test.pem";
+
+test_illegal_path($rand_path);
+test_legal_path('test.pem');
+unlink 'test.pem';
+
+sub test_illegal_path {
+ my ($path) = @_;
+
+ my $start = time();
+ ok(!run(app([ 'openssl', 'genrsa', '-out', $path, '16384'])), "invalid output path: $path");
+ my $end = time();
+ # The above process should exit in 2 seconds if the path is not valid
+ ok($end - $start < 2, "check time consumed");
+}
+
+sub test_legal_path {
+ my ($path) = @_;
+
+ ok(run(app([ 'openssl', 'genrsa', '-out', $path, '2048'])), "valid output path: $path");
+}
More information about the openssl-commits
mailing list