[openssl] master update
tmraz at fedoraproject.org
tmraz at fedoraproject.org
Tue Dec 15 10:47:53 UTC 2020
The branch master has been updated
via 021410ea3fc3876538830839d16b67e610d12785 (commit)
from c678f68a19638c1e2bbfee6a7a1d8d728976ce66 (commit)
- Log -----------------------------------------------------------------
commit 021410ea3fc3876538830839d16b67e610d12785
Author: Rich Salz <rsalz at akamai.com>
Date: Sat Nov 28 16:12:58 2020 -0500
Check non-option arguments
Make sure all commands check to see if there are any "extra" arguments
after the options, and print an error if so.
Made all error messages consistent (which is to say, minimal).
Fixes: #13527
Reviewed-by: Shane Lontis <shane.lontis at oracle.com>
Reviewed-by: Tomas Mraz <tmraz at fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13563)
-----------------------------------------------------------------------
Summary of changes:
apps/asn1pars.c | 2 ++
apps/ca.c | 2 ++
apps/ciphers.c | 5 +++--
apps/cmp.c | 32 +++++++++++++++-----------------
apps/cms.c | 2 ++
apps/crl.c | 2 ++
apps/crl2p7.c | 2 ++
apps/dgst.c | 2 ++
apps/dhparam.c | 10 ++++++++--
apps/dsa.c | 2 ++
apps/dsaparam.c | 12 ++++++++----
apps/ec.c | 2 ++
apps/ecparam.c | 2 ++
apps/enc.c | 7 ++++---
apps/engine.c | 2 +-
apps/errstr.c | 15 +++++++++------
apps/fipsinstall.c | 9 ++++++---
apps/gendsa.c | 8 +++++---
apps/genpkey.c | 2 ++
apps/genrsa.c | 2 ++
apps/info.c | 4 +---
apps/kdf.c | 7 +++----
apps/list.c | 6 +++---
apps/mac.c | 7 +++----
apps/nseq.c | 2 ++
apps/ocsp.c | 9 ++++++---
apps/openssl.c | 1 +
apps/passwd.c | 3 ++-
apps/pkcs12.c | 6 ++++--
apps/pkcs7.c | 2 ++
apps/pkcs8.c | 2 ++
apps/pkey.c | 2 ++
apps/pkeyparam.c | 2 ++
apps/pkeyutl.c | 2 ++
apps/prime.c | 8 +++-----
apps/rand.c | 7 ++++---
apps/rehash.c | 2 ++
apps/req.c | 2 ++
apps/rsa.c | 2 ++
apps/rsautl.c | 2 ++
apps/s_client.c | 35 ++++++++++++++++++-----------------
apps/s_server.c | 5 ++++-
apps/s_time.c | 2 ++
apps/sess_id.c | 2 ++
apps/smime.c | 9 +++++++--
apps/speed.c | 3 ++-
apps/spkac.c | 2 ++
apps/srp.c | 2 ++
apps/storeutl.c | 11 +++--------
apps/ts.c | 5 ++++-
apps/verify.c | 3 +++
apps/version.c | 8 +++++---
apps/x509.c | 7 +++----
53 files changed, 188 insertions(+), 106 deletions(-)
diff --git a/apps/asn1pars.c b/apps/asn1pars.c
index ae47aa8efc..798e8d1668 100644
--- a/apps/asn1pars.c
+++ b/apps/asn1pars.c
@@ -157,6 +157,8 @@ int asn1parse_main(int argc, char **argv)
break;
}
}
+
+ /* No extra args. */
argc = opt_num_rest();
if (argc != 0)
goto opthelp;
diff --git a/apps/ca.c b/apps/ca.c
index 82b008cbce..2772072b79 100755
--- a/apps/ca.c
+++ b/apps/ca.c
@@ -488,7 +488,9 @@ opthelp:
break;
}
}
+
end_of_options:
+ /* Remaining args are files to certify. */
argc = opt_num_rest();
argv = opt_rest();
diff --git a/apps/ciphers.c b/apps/ciphers.c
index 500b416046..3afbbe5002 100644
--- a/apps/ciphers.c
+++ b/apps/ciphers.c
@@ -176,11 +176,12 @@ int ciphers_main(int argc, char **argv)
break;
}
}
+
+ /* Optional arg is cipher name. */
argv = opt_rest();
argc = opt_num_rest();
-
if (argc == 1)
- ciphers = *argv;
+ ciphers = argv[0];
else if (argc != 0)
goto opthelp;
diff --git a/apps/cmp.c b/apps/cmp.c
index d57c67c644..b830b6a3c5 100644
--- a/apps/cmp.c
+++ b/apps/cmp.c
@@ -2289,7 +2289,9 @@ static int get_opts(int argc, char **argv)
switch (o) {
case OPT_EOF:
case OPT_ERR:
- goto opt_err;
+ opthelp:
+ BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
+ return 0;
case OPT_HELP:
opt_help(cmp_options);
return -1;
@@ -2311,11 +2313,11 @@ static int get_opts(int argc, char **argv)
break;
case OPT_MSG_TIMEOUT:
if ((opt_msg_timeout = opt_nat()) < 0)
- goto opt_err;
+ goto opthelp;
break;
case OPT_TOTAL_TIMEOUT:
if ((opt_total_timeout = opt_nat()) < 0)
- goto opt_err;
+ goto opthelp;
break;
case OPT_TLS_USED:
opt_tls_used = 1;
@@ -2399,7 +2401,7 @@ static int get_opts(int argc, char **argv)
case OPT_V_CASES:
if (!opt_verify(o, vpm))
- goto opt_err;
+ goto opthelp;
break;
case OPT_CMD:
opt_cmd_s = opt_str("cmd");
@@ -2425,7 +2427,7 @@ static int get_opts(int argc, char **argv)
break;
case OPT_DAYS:
if ((opt_days = opt_nat()) < 0)
- goto opt_err;
+ goto opthelp;
break;
case OPT_REQEXTS:
opt_reqexts = opt_str("reqexts");
@@ -2450,7 +2452,7 @@ static int get_opts(int argc, char **argv)
|| opt_popo < OSSL_CRMF_POPO_NONE
|| opt_popo > OSSL_CRMF_POPO_KEYENC) {
CMP_err("invalid popo spec. Valid values are -1 .. 2");
- goto opt_err;
+ goto opthelp;
}
break;
case OPT_CSR:
@@ -2480,7 +2482,7 @@ static int get_opts(int argc, char **argv)
|| opt_revreason > CRL_REASON_AA_COMPROMISE
|| opt_revreason == 7) {
CMP_err("invalid revreason. Valid values are -1 .. 6, 8 .. 10");
- goto opt_err;
+ goto opthelp;
}
break;
case OPT_CERTFORM:
@@ -2499,7 +2501,7 @@ static int get_opts(int argc, char **argv)
#endif
case OPT_PROV_CASES:
if (!opt_provider(o))
- goto opt_err;
+ goto opthelp;
break;
case OPT_BATCH:
@@ -2531,7 +2533,7 @@ static int get_opts(int argc, char **argv)
break;
case OPT_MAX_MSGS:
if ((opt_max_msgs = opt_nat()) < 0)
- goto opt_err;
+ goto opthelp;
break;
case OPT_SRV_REF:
opt_srv_ref = opt_str("srv_ref");
@@ -2604,17 +2606,13 @@ static int get_opts(int argc, char **argv)
break;
}
}
+
+ /* No extra args. */
argc = opt_num_rest();
argv = opt_rest();
- if (argc != 0) {
- CMP_err1("unknown parameter %s", argv[0]);
- goto opt_err;
- }
+ if (argc != 0)
+ goto opthelp;
return 1;
-
- opt_err:
- CMP_err1("use -help for summary of '%s' options", prog);
- return 0;
}
int cmp_main(int argc, char **argv)
diff --git a/apps/cms.c b/apps/cms.c
index f9adc9a52c..e8254cb85c 100644
--- a/apps/cms.c
+++ b/apps/cms.c
@@ -699,6 +699,8 @@ int cms_main(int argc, char **argv)
break;
}
}
+
+ /* Remaining args are files to process. */
argc = opt_num_rest();
argv = opt_rest();
diff --git a/apps/crl.c b/apps/crl.c
index 680c0ee128..0daded01e3 100644
--- a/apps/crl.c
+++ b/apps/crl.c
@@ -201,6 +201,8 @@ int crl_main(int argc, char **argv)
break;
}
}
+
+ /* No remaining args. */
argc = opt_num_rest();
if (argc != 0)
goto opthelp;
diff --git a/apps/crl2p7.c b/apps/crl2p7.c
index 9137f87239..577d80fa49 100644
--- a/apps/crl2p7.c
+++ b/apps/crl2p7.c
@@ -102,6 +102,8 @@ int crl2pkcs7_main(int argc, char **argv)
break;
}
}
+
+ /* No remaining args. */
argc = opt_num_rest();
if (argc != 0)
goto opthelp;
diff --git a/apps/dgst.c b/apps/dgst.c
index 4adf9cd9b4..7110a97cf4 100644
--- a/apps/dgst.c
+++ b/apps/dgst.c
@@ -220,6 +220,8 @@ int dgst_main(int argc, char **argv)
break;
}
}
+
+ /* Remaining args are files to digest. */
argc = opt_num_rest();
argv = opt_rest();
if (keyfile != NULL && argc > 1) {
diff --git a/apps/dhparam.c b/apps/dhparam.c
index ecb4e17db1..a69dfd3810 100644
--- a/apps/dhparam.c
+++ b/apps/dhparam.c
@@ -146,11 +146,17 @@ int dhparam_main(int argc, char **argv)
break;
}
}
+
+ /* One optional argument, bitsize to generate. */
argc = opt_num_rest();
argv = opt_rest();
+ if (argc == 1) {
+ if (!opt_int(argv[0], &num) || num <= 0)
+ goto opthelp;
+ } else if (argc != 0) {
+ goto opthelp;
+ }
- if (argv[0] != NULL && (!opt_int(argv[0], &num) || num <= 0))
- goto end;
if (g && !num)
num = DEFBITS;
diff --git a/apps/dsa.c b/apps/dsa.c
index 75a0504548..2deda0a32c 100644
--- a/apps/dsa.c
+++ b/apps/dsa.c
@@ -150,6 +150,8 @@ int dsa_main(int argc, char **argv)
break;
}
}
+
+ /* No extra args. */
argc = opt_num_rest();
if (argc != 0)
goto opthelp;
diff --git a/apps/dsaparam.c b/apps/dsaparam.c
index 8bbd65700d..f09318f54b 100644
--- a/apps/dsaparam.c
+++ b/apps/dsaparam.c
@@ -125,15 +125,19 @@ int dsaparam_main(int argc, char **argv)
break;
}
}
+
+ /* Optional arg is bitsize. */
argc = opt_num_rest();
argv = opt_rest();
-
if (argc == 1) {
if (!opt_int(argv[0], &num) || num < 0)
- goto end;
- /* generate a key */
- numbits = num;
+ goto opthelp;
+ } else if (argc != 0) {
+ goto opthelp;
}
+
+ /* generate a key */
+ numbits = num;
private = genkey ? 1 : 0;
out = bio_open_owner(outfile, outformat, private);
diff --git a/apps/ec.c b/apps/ec.c
index 79951cc8d6..e1d447de81 100644
--- a/apps/ec.c
+++ b/apps/ec.c
@@ -166,6 +166,8 @@ int ec_main(int argc, char **argv)
break;
}
}
+
+ /* No extra arguments. */
argc = opt_num_rest();
if (argc != 0)
goto opthelp;
diff --git a/apps/ecparam.c b/apps/ecparam.c
index 3e20be24b2..06f017a548 100644
--- a/apps/ecparam.c
+++ b/apps/ecparam.c
@@ -172,6 +172,8 @@ int ecparam_main(int argc, char **argv)
break;
}
}
+
+ /* No extra args. */
argc = opt_num_rest();
if (argc != 0)
goto opthelp;
diff --git a/apps/enc.c b/apps/enc.c
index 0f4cdae3c2..f97621b1a6 100644
--- a/apps/enc.c
+++ b/apps/enc.c
@@ -295,10 +295,11 @@ int enc_main(int argc, char **argv)
break;
}
}
- if (opt_num_rest() != 0) {
- BIO_printf(bio_err, "Extra arguments given.\n");
+
+ /* No extra arguments. */
+ argc = opt_num_rest();
+ if (argc != 0)
goto opthelp;
- }
if (cipher && EVP_CIPHER_flags(cipher) & EVP_CIPH_FLAG_AEAD_CIPHER) {
BIO_printf(bio_err, "%s: AEAD ciphers not supported\n", prog);
diff --git a/apps/engine.c b/apps/engine.c
index 393008d5ce..b494a79447 100644
--- a/apps/engine.c
+++ b/apps/engine.c
@@ -360,7 +360,7 @@ int engine_main(int argc, char **argv)
}
}
- /* Allow any trailing parameters as engine names. */
+ /* Any remaining arguments are engine names. */
argc = opt_num_rest();
argv = opt_rest();
for ( ; *argv; argv++) {
diff --git a/apps/errstr.c b/apps/errstr.c
index 9e97698be3..782705a78a 100644
--- a/apps/errstr.c
+++ b/apps/errstr.c
@@ -52,16 +52,19 @@ int errstr_main(int argc, char **argv)
}
}
+ /*
+ * We're not really an SSL application so this won't auto-init, but
+ * we're still interested in SSL error strings
+ */
+ OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS
+ | OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL);
+
+ /* All remaining arg are error code. */
ret = 0;
- for (argv = opt_rest(); *argv; argv++) {
+ for (argv = opt_rest(); *argv != NULL; argv++) {
if (sscanf(*argv, "%lx", &l) == 0) {
ret++;
} else {
- /* We're not really an SSL application so this won't auto-init, but
- * we're still interested in SSL error strings
- */
- OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS
- | OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL);
ERR_error_string_n(l, buf, sizeof(buf));
BIO_printf(bio_out, "%s\n", buf);
}
diff --git a/apps/fipsinstall.c b/apps/fipsinstall.c
index d1cda24941..4a1b89d92c 100644
--- a/apps/fipsinstall.c
+++ b/apps/fipsinstall.c
@@ -373,7 +373,11 @@ opthelp:
break;
}
}
+
+ /* No extra arguments. */
argc = opt_num_rest();
+ if (argc != 0)
+ goto opthelp;
if (parent_config != NULL) {
/* Test that a parent config can load the module */
@@ -386,9 +390,8 @@ opthelp:
goto end;
}
if (module_fname == NULL
- || (verify && in_fname == NULL)
- || (!verify && out_fname == NULL)
- || argc != 0)
+ || (verify && in_fname == NULL)
+ || (!verify && out_fname == NULL))
goto opthelp;
tail = opt_path_end(module_fname);
diff --git a/apps/gendsa.c b/apps/gendsa.c
index f2afa1134a..d525f7093b 100644
--- a/apps/gendsa.c
+++ b/apps/gendsa.c
@@ -102,13 +102,15 @@ int gendsa_main(int argc, char **argv)
break;
}
}
+
+ /* One argument, the params file. */
argc = opt_num_rest();
argv = opt_rest();
- private = 1;
-
if (argc != 1)
goto opthelp;
- dsaparams = *argv;
+
+ dsaparams = argv[0];
+ private = 1;
if (!app_passwd(NULL, passoutarg, NULL, &passout)) {
BIO_printf(bio_err, "Error getting password\n");
diff --git a/apps/genpkey.c b/apps/genpkey.c
index d6ab0e6b17..523ec1da8f 100644
--- a/apps/genpkey.c
+++ b/apps/genpkey.c
@@ -153,6 +153,8 @@ int genpkey_main(int argc, char **argv)
break;
}
}
+
+ /* No extra arguments. */
argc = opt_num_rest();
if (argc != 0)
goto opthelp;
diff --git a/apps/genrsa.c b/apps/genrsa.c
index 32f088238d..2cc1abfbe5 100644
--- a/apps/genrsa.c
+++ b/apps/genrsa.c
@@ -146,6 +146,8 @@ opthelp:
break;
}
}
+
+ /* One optional argument, the bitsize. */
argc = opt_num_rest();
argv = opt_rest();
diff --git a/apps/info.c b/apps/info.c
index ae6e34c9bc..5099853494 100644
--- a/apps/info.c
+++ b/apps/info.c
@@ -86,10 +86,8 @@ opthelp:
break;
}
}
- if (opt_num_rest() != 0) {
- BIO_printf(bio_err, "%s: Extra parameters given.\n", prog);
+ if (opt_num_rest() != 0)
goto opthelp;
- }
if (dirty > 1) {
BIO_printf(bio_err, "%s: Only one item allowed\n", prog);
goto opthelp;
diff --git a/apps/kdf.c b/apps/kdf.c
index ba14cfdc76..4bbb88a5ae 100644
--- a/apps/kdf.c
+++ b/apps/kdf.c
@@ -89,13 +89,12 @@ opthelp:
break;
}
}
+
+ /* One argument, the KDF name. */
argc = opt_num_rest();
argv = opt_rest();
-
- if (argc != 1) {
- BIO_printf(bio_err, "Invalid number of extra arguments\n");
+ if (argc != 1)
goto opthelp;
- }
if ((kdf = EVP_KDF_fetch(NULL, argv[0], NULL)) == NULL) {
BIO_printf(bio_err, "Invalid KDF name %s\n", argv[0]);
diff --git a/apps/list.c b/apps/list.c
index df25e00363..986a288757 100644
--- a/apps/list.c
+++ b/apps/list.c
@@ -1529,10 +1529,10 @@ opthelp:
}
done = 1;
}
- if (opt_num_rest() != 0) {
- BIO_printf(bio_err, "Extra arguments given.\n");
+
+ /* No extra arguments. */
+ if (opt_num_rest() != 0)
goto opthelp;
- }
if (todo.commands)
list_type(FT_general, one);
diff --git a/apps/mac.c b/apps/mac.c
index e751dcf0b1..ea75b33623 100644
--- a/apps/mac.c
+++ b/apps/mac.c
@@ -98,13 +98,12 @@ opthelp:
break;
}
}
+
+ /* One argument, the MAC name. */
argc = opt_num_rest();
argv = opt_rest();
-
- if (argc != 1) {
- BIO_printf(bio_err, "Invalid number of extra arguments\n");
+ if (argc != 1)
goto opthelp;
- }
mac = EVP_MAC_fetch(NULL, argv[0], NULL);
if (mac == NULL) {
diff --git a/apps/nseq.c b/apps/nseq.c
index 92ae7bd34d..706ca58f65 100644
--- a/apps/nseq.c
+++ b/apps/nseq.c
@@ -71,6 +71,8 @@ int nseq_main(int argc, char **argv)
break;
}
}
+
+ /* No extra arguments. */
argc = opt_num_rest();
if (argc != 0)
goto opthelp;
diff --git a/apps/ocsp.c b/apps/ocsp.c
index 174f237340..982423d1ef 100644
--- a/apps/ocsp.c
+++ b/apps/ocsp.c
@@ -514,14 +514,17 @@ int ocsp_main(int argc, char **argv)
break;
}
}
+
+ /* No extra arguments. */
+ argc = opt_num_rest();
+ if (argc != 0)
+ goto opthelp;
+
if (trailing_md) {
BIO_printf(bio_err, "%s: Digest must be before -cert or -serial\n",
prog);
goto opthelp;
}
- argc = opt_num_rest();
- if (argc != 0)
- goto opthelp;
/* Have we anything to do? */
if (req == NULL && reqin == NULL
diff --git a/apps/openssl.c b/apps/openssl.c
index 9d697a8836..e6746087ad 100644
--- a/apps/openssl.c
+++ b/apps/openssl.c
@@ -347,6 +347,7 @@ int help_main(int argc, char **argv)
}
}
+ /* One optional argument, the command to get help for. */
if (opt_num_rest() == 1) {
new_argv[0] = opt_rest()[0];
new_argv[1] = "--help";
diff --git a/apps/passwd.c b/apps/passwd.c
index 5bf031566a..c39254460d 100644
--- a/apps/passwd.c
+++ b/apps/passwd.c
@@ -184,9 +184,10 @@ int passwd_main(int argc, char **argv)
break;
}
}
+
+ /* All remaining arguments are the password text */
argc = opt_num_rest();
argv = opt_rest();
-
if (*argv != NULL) {
if (pw_source_defined)
goto opthelp;
diff --git a/apps/pkcs12.c b/apps/pkcs12.c
index 5c05fddf99..60e12cf932 100644
--- a/apps/pkcs12.c
+++ b/apps/pkcs12.c
@@ -335,7 +335,11 @@ int pkcs12_main(int argc, char **argv)
break;
}
}
+
+ /* No extra arguments. */
argc = opt_num_rest();
+ if (argc != 0)
+ goto opthelp;
if (export_pkcs12) {
if ((options & INFO) != 0)
@@ -421,8 +425,6 @@ int pkcs12_main(int argc, char **argv)
enc = EVP_des_ede3_cbc();
}
- if (argc != 0)
- goto opthelp;
private = 1;
diff --git a/apps/pkcs7.c b/apps/pkcs7.c
index f09994df6d..efc58b10c9 100644
--- a/apps/pkcs7.c
+++ b/apps/pkcs7.c
@@ -110,6 +110,8 @@ int pkcs7_main(int argc, char **argv)
break;
}
}
+
+ /* No extra arguments. */
argc = opt_num_rest();
if (argc != 0)
goto opthelp;
diff --git a/apps/pkcs8.c b/apps/pkcs8.c
index 37f20b34c5..ae0824c6d2 100644
--- a/apps/pkcs8.c
+++ b/apps/pkcs8.c
@@ -193,6 +193,8 @@ int pkcs8_main(int argc, char **argv)
#endif
}
}
+
+ /* No extra arguments. */
argc = opt_num_rest();
if (argc != 0)
goto opthelp;
diff --git a/apps/pkey.c b/apps/pkey.c
index 8aafcb4277..65988a8fc2 100644
--- a/apps/pkey.c
+++ b/apps/pkey.c
@@ -185,6 +185,8 @@ int pkey_main(int argc, char **argv)
break;
}
}
+
+ /* No extra arguments. */
argc = opt_num_rest();
if (argc != 0)
goto opthelp;
diff --git a/apps/pkeyparam.c b/apps/pkeyparam.c
index df95f76f42..42de552753 100644
--- a/apps/pkeyparam.c
+++ b/apps/pkeyparam.c
@@ -90,6 +90,8 @@ int pkeyparam_main(int argc, char **argv)
break;
}
}
+
+ /* No extra arguments. */
argc = opt_num_rest();
if (argc != 0)
goto opthelp;
diff --git a/apps/pkeyutl.c b/apps/pkeyutl.c
index 3146b1f684..a88a6ca7a3 100644
--- a/apps/pkeyutl.c
+++ b/apps/pkeyutl.c
@@ -250,6 +250,8 @@ int pkeyutl_main(int argc, char **argv)
break;
}
}
+
+ /* No extra arguments. */
argc = opt_num_rest();
if (argc != 0)
goto opthelp;
diff --git a/apps/prime.c b/apps/prime.c
index 277500d84e..1879d14111 100644
--- a/apps/prime.c
+++ b/apps/prime.c
@@ -81,16 +81,14 @@ opthelp:
break;
}
}
+
+ /* Optional arguments are numbers to check. */
argc = opt_num_rest();
argv = opt_rest();
-
if (generate) {
- if (argc != 0) {
- BIO_printf(bio_err, "Extra arguments given.\n");
+ if (argc != 0)
goto opthelp;
- }
} else if (argc == 0) {
- BIO_printf(bio_err, "%s: No prime specified\n", prog);
goto opthelp;
}
diff --git a/apps/rand.c b/apps/rand.c
index 1ad6894597..c78123e161 100644
--- a/apps/rand.c
+++ b/apps/rand.c
@@ -88,13 +88,14 @@ int rand_main(int argc, char **argv)
break;
}
}
+
+ /* Optional argument is number of bytes to generate. */
argc = opt_num_rest();
argv = opt_rest();
if (argc == 1) {
if (!opt_int(argv[0], &num) || num <= 0)
- goto end;
- } else if (argc > 0) {
- BIO_printf(bio_err, "Extra arguments given.\n");
+ goto opthelp;
+ } else if (argc != 0) {
goto opthelp;
}
diff --git a/apps/rehash.c b/apps/rehash.c
index 3cbd65c860..2b867d43cc 100644
--- a/apps/rehash.c
+++ b/apps/rehash.c
@@ -515,6 +515,8 @@ int rehash_main(int argc, char **argv)
break;
}
}
+
+ /* Optional arguments are directories to scan. */
argc = opt_num_rest();
argv = opt_rest();
diff --git a/apps/req.c b/apps/req.c
index ad79866a5a..84b6a4c00c 100644
--- a/apps/req.c
+++ b/apps/req.c
@@ -449,6 +449,8 @@ int req_main(int argc, char **argv)
break;
}
}
+
+ /* No extra arguments. */
argc = opt_num_rest();
if (argc != 0)
goto opthelp;
diff --git a/apps/rsa.c b/apps/rsa.c
index 058c2be2ad..469c09b97c 100644
--- a/apps/rsa.c
+++ b/apps/rsa.c
@@ -175,6 +175,8 @@ int rsa_main(int argc, char **argv)
break;
}
}
+
+ /* No extra arguments. */
argc = opt_num_rest();
if (argc != 0)
goto opthelp;
diff --git a/apps/rsautl.c b/apps/rsautl.c
index 8fefaee8f5..333edb9363 100644
--- a/apps/rsautl.c
+++ b/apps/rsautl.c
@@ -171,6 +171,8 @@ int rsautl_main(int argc, char **argv)
break;
}
}
+
+ /* No extra arguments. */
argc = opt_num_rest();
if (argc != 0)
goto opthelp;
diff --git a/apps/s_client.c b/apps/s_client.c
index 98f034f112..56444baeca 100644
--- a/apps/s_client.c
+++ b/apps/s_client.c
@@ -1572,6 +1572,24 @@ int s_client_main(int argc, char **argv)
}
}
+ /* Optional argument is connect string if -connect not used. */
+ argc = opt_num_rest();
+ if (argc == 1) {
+ /*
+ * Don't allow -connect and a separate argument.
+ */
+ if (connectstr != NULL) {
+ BIO_printf(bio_err,
+ "%s: cannot provide both -connect option and target parameter\n",
+ prog);
+ goto opthelp;
+ }
+ connect_type = use_inet;
+ freeandcopy(&connectstr, *opt_rest());
+ } else if (argc != 0) {
+ goto opthelp;
+ }
+
if (count4or6 >= 2) {
BIO_printf(bio_err, "%s: Can't use both -4 and -6\n", prog);
goto opthelp;
@@ -1590,23 +1608,6 @@ int s_client_main(int argc, char **argv)
goto opthelp;
}
}
- argc = opt_num_rest();
- if (argc == 1) {
- /* If there's a positional argument, it's the equivalent of
- * OPT_CONNECT.
- * Don't allow -connect and a separate argument.
- */
- if (connectstr != NULL) {
- BIO_printf(bio_err,
- "%s: must not provide both -connect option and target parameter\n",
- prog);
- goto opthelp;
- }
- connect_type = use_inet;
- freeandcopy(&connectstr, *opt_rest());
- } else if (argc != 0) {
- goto opthelp;
- }
#ifndef OPENSSL_NO_NEXTPROTONEG
if (min_version == TLS1_3_VERSION && next_proto_neg_in != NULL) {
diff --git a/apps/s_server.c b/apps/s_server.c
index 24dffeab01..55a300beac 100644
--- a/apps/s_server.c
+++ b/apps/s_server.c
@@ -1660,8 +1660,11 @@ int s_server_main(int argc, char *argv[])
break;
}
}
+
+ /* No extra arguments. */
argc = opt_num_rest();
- argv = opt_rest();
+ if (argc != 0)
+ goto opthelp;
#ifndef OPENSSL_NO_NEXTPROTONEG
if (min_version == TLS1_3_VERSION && next_proto_neg_in != NULL) {
diff --git a/apps/s_time.c b/apps/s_time.c
index 3730ca540a..2052a15c4f 100644
--- a/apps/s_time.c
+++ b/apps/s_time.c
@@ -234,6 +234,8 @@ int s_time_main(int argc, char **argv)
break;
}
}
+
+ /* No extra arguments. */
argc = opt_num_rest();
if (argc != 0)
goto opthelp;
diff --git a/apps/sess_id.c b/apps/sess_id.c
index 5183ea93ed..de25cea156 100644
--- a/apps/sess_id.c
+++ b/apps/sess_id.c
@@ -96,6 +96,8 @@ int sess_id_main(int argc, char **argv)
break;
}
}
+
+ /* No extra arguments. */
argc = opt_num_rest();
if (argc != 0)
goto opthelp;
diff --git a/apps/smime.c b/apps/smime.c
index f0ac6ed99c..b8451d8403 100644
--- a/apps/smime.c
+++ b/apps/smime.c
@@ -356,6 +356,8 @@ int smime_main(int argc, char **argv)
break;
}
}
+
+ /* Extra arguments are files with recipient keys. */
argc = opt_num_rest();
argv = opt_rest();
@@ -363,6 +365,11 @@ int smime_main(int argc, char **argv)
BIO_puts(bio_err, "Multiple signers or keys not allowed\n");
goto opthelp;
}
+ if (!operation) {
+ BIO_puts(bio_err,
+ "No operation (-encrypt|-sign|...) specified\n");
+ goto opthelp;
+ }
if (operation & SMIME_SIGNERS) {
/* Check to see if any final signer needs to be appended */
@@ -398,8 +405,6 @@ int smime_main(int argc, char **argv)
BIO_printf(bio_err, "No recipient(s) certificate(s) specified\n");
goto opthelp;
}
- } else if (!operation) {
- goto opthelp;
}
if (!app_passwd(passinarg, NULL, &passin, NULL)) {
diff --git a/apps/speed.c b/apps/speed.c
index fa30924c5f..07c2238ab2 100644
--- a/apps/speed.c
+++ b/apps/speed.c
@@ -1807,10 +1807,11 @@ int speed_main(int argc, char **argv)
break;
}
}
+
+ /* Remaining arguments are algorithms. */
argc = opt_num_rest();
argv = opt_rest();
- /* Remaining arguments are algorithms. */
for (; *argv; argv++) {
const char *algo = *argv;
diff --git a/apps/spkac.c b/apps/spkac.c
index 2b4009d457..cfbbc41e18 100644
--- a/apps/spkac.c
+++ b/apps/spkac.c
@@ -125,6 +125,8 @@ int spkac_main(int argc, char **argv)
break;
}
}
+
+ /* No extra arguments. */
argc = opt_num_rest();
if (argc != 0)
goto opthelp;
diff --git a/apps/srp.c b/apps/srp.c
index 6a7d66753a..3d8ce3e7c6 100644
--- a/apps/srp.c
+++ b/apps/srp.c
@@ -301,6 +301,8 @@ int srp_main(int argc, char **argv)
break;
}
}
+
+ /* Optional parameters are usernames. */
argc = opt_num_rest();
argv = opt_rest();
diff --git a/apps/storeutl.c b/apps/storeutl.c
index facbf63333..0ec65ab047 100644
--- a/apps/storeutl.c
+++ b/apps/storeutl.c
@@ -256,17 +256,12 @@ int storeutl_main(int argc, char *argv[])
break;
}
}
+
+ /* One argument, the URI */
argc = opt_num_rest();
argv = opt_rest();
-
- if (argc == 0) {
- BIO_printf(bio_err, "%s: No URI given, nothing to do...\n", prog);
+ if (argc != 1)
goto opthelp;
- }
- if (argc > 1) {
- BIO_printf(bio_err, "%s: Unknown extra parameters after URI\n", prog);
- goto opthelp;
- }
if (criterion != 0) {
switch (criterion) {
diff --git a/apps/ts.c b/apps/ts.c
index 23e16d8008..5ff80062ef 100644
--- a/apps/ts.c
+++ b/apps/ts.c
@@ -286,7 +286,10 @@ int ts_main(int argc, char **argv)
break;
}
}
- if (mode == OPT_ERR || opt_num_rest() != 0)
+
+ /* No extra arguments. */
+ argc = opt_num_rest();
+ if (argc != 0 || mode == OPT_ERR)
goto opthelp;
if (mode == OPT_REPLY && passin &&
diff --git a/apps/verify.c b/apps/verify.c
index ba4a8c283d..bf200b0fb6 100644
--- a/apps/verify.c
+++ b/apps/verify.c
@@ -193,8 +193,11 @@ int verify_main(int argc, char **argv)
break;
}
}
+
+ /* Extra arguments are certificates to verify. */
argc = opt_num_rest();
argv = opt_rest();
+
if (trusted != NULL
&& (CAfile != NULL || CApath != NULL || CAstore != NULL)) {
BIO_printf(bio_err,
diff --git a/apps/version.c b/apps/version.c
index 4a289faca0..cb00f55d89 100644
--- a/apps/version.c
+++ b/apps/version.c
@@ -97,10 +97,12 @@ opthelp:
break;
}
}
- if (opt_num_rest() != 0) {
- BIO_printf(bio_err, "Extra parameters given.\n");
+
+ /* No extra arguments. */
+ argc = opt_num_rest();
+ if (argc != 0)
goto opthelp;
- }
+
if (!dirty)
version = 1;
diff --git a/apps/x509.c b/apps/x509.c
index 8cd84f5afe..a82682bc11 100644
--- a/apps/x509.c
+++ b/apps/x509.c
@@ -490,12 +490,11 @@ int x509_main(int argc, char **argv)
goto opthelp;
}
}
+
+ /* No extra arguments. */
argc = opt_num_rest();
- argv = opt_rest();
- if (argc != 0) {
- BIO_printf(bio_err, "%s: Unknown parameter %s\n", prog, argv[0]);
+ if (argc != 0)
goto opthelp;
- }
if (!app_passwd(passinarg, NULL, &passin, NULL)) {
BIO_printf(bio_err, "Error getting password\n");
More information about the openssl-commits
mailing list