[openssl-dev] req command crashes using config file containing passwords
Viktor Dukhovni
openssl-users at dukhovni.org
Mon Feb 29 18:00:25 UTC 2016
On Mon, Feb 29, 2016 at 03:51:02PM +0100, Michel wrote:
> They are failing when calling the 'req' command with a configure script
> containing input_password/output password :
Please try the patch below:
--
Viktor.
diff --git a/apps/req.c b/apps/req.c
index 693acc2..b128fa8 100644
--- a/apps/req.c
+++ b/apps/req.c
@@ -198,7 +198,9 @@ int req_main(int argc, char **argv)
char *extensions = NULL, *infile = NULL;
char *outfile = NULL, *keyfile = NULL, *inrand = NULL;
char *keyalgstr = NULL, *p, *prog, *passargin = NULL, *passargout = NULL;
- char *passin = NULL, *passout = NULL, *req_exts = NULL, *subj = NULL;
+ char *passin = NULL, *passout = NULL;
+ char *nofree_passin = NULL, *nofree_passout = NULL;
+ char *req_exts = NULL, *subj = NULL;
char *template = default_config_file, *keyout = NULL;
const char *keyalg = NULL;
OPTION_CHOICE o;
@@ -436,15 +438,17 @@ int req_main(int argc, char **argv)
}
}
- if (!passin) {
- passin = NCONF_get_string(req_conf, SECTION, "input_password");
- if (!passin)
+ if (passin == NULL) {
+ passin = nofree_passin =
+ NCONF_get_string(req_conf, SECTION, "input_password");
+ if (passin == NULL)
ERR_clear_error();
}
- if (!passout) {
- passout = NCONF_get_string(req_conf, SECTION, "output_password");
- if (!passout)
+ if (passout == NULL) {
+ passout = nofree_passout =
+ NCONF_get_string(req_conf, SECTION, "output_password");
+ if (passout == NULL)
ERR_clear_error();
}
@@ -862,8 +866,10 @@ int req_main(int argc, char **argv)
X509_REQ_free(req);
X509_free(x509ss);
ASN1_INTEGER_free(serial);
- OPENSSL_free(passin);
- OPENSSL_free(passout);
+ if (passin != nofree_passin)
+ OPENSSL_free(passin);
+ if (passout != nofree_passout)
+ OPENSSL_free(passout);
OBJ_cleanup();
return (ret);
}
More information about the openssl-dev
mailing list