Skip to content

Commit

Permalink
Use correct length when prompting for password.
Browse files Browse the repository at this point in the history 
Use bufsiz - 1 not BUFSIZ - 1 when prompting for a password in
the openssl utility.

Thanks to Rob Mackinnon, Leviathan Security for reporting this issue.
  • Loading branch information
@snhenson
snhenson committed Apr 4, 2014
1 parent dbb7654 commit 7ba08a4
Showing 1 changed file with 2 additions and 2 deletions.
4 changes: 2 additions & 2 deletions apps/apps.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -588,12 +588,12 @@ int password_callback(char *buf, int bufsiz, int verify,

if (ok >= 0)
ok = UI_add_input_string(ui,prompt,ui_flags,buf,
PW_MIN_LENGTH,BUFSIZ-1);
PW_MIN_LENGTH,bufsiz-1);
if (ok >= 0 && verify)
{
buff = (char *)OPENSSL_malloc(bufsiz);
ok = UI_add_verify_string(ui,prompt,ui_flags,buff,
PW_MIN_LENGTH,BUFSIZ-1, buf);
PW_MIN_LENGTH,bufsiz-1, buf);
}
if (ok >= 0)
do
Expand Down

0 comments on commit 7ba08a4

Please sign in to comment.