Add a sanity check on the length of pkeyutl inputs

[openssl.git] / apps / CA.pl.in

diff --git a/apps/CA.pl.in b/apps/CA.pl.in
index 6306fa47d50f39a4e8d2648315acaa40906a129b..db3cc383189e6ac4c8d873baabf2433731fb0930 100644 (file)
--- a/apps/CA.pl.in
+++ b/apps/CA.pl.in
@@ -1,5 +1,5 @@
-#!{- $config{hashbangperl} -}
-# Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+#!{- $config{HASHBANGPERL} -}
+# Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -163,7 +163,7 @@ if ($WHAT eq '-newcert' ) {
         print "CA certificate is in ${CATOP}/$CACERT\n" if $RET == 0;
     }
 } elsif ($WHAT eq '-pkcs12' ) {
-    my $cname = $ARGV[1];
+    my $cname = $ARGV[0];
     $cname = "My Certificate" unless defined $cname;
     $RET = run("$PKCS12 -in $NEWCERT -inkey $NEWKEY"
             . " -certfile ${CATOP}/$CACERT"
@@ -196,12 +196,12 @@ if ($WHAT eq '-newcert' ) {
     $RET = run("$CA -gencrl -out ${CATOP}/crl/$CACRL $EXTRA{ca}");
     print "Generated CRL is in ${CATOP}/crl/$CACRL\n" if $RET == 0;
 } elsif ($WHAT eq '-revoke' ) {
-    my $cname = $ARGV[1];
+    my $cname = $ARGV[0];
     if (!defined $cname) {
         print "Certificate filename is required; reason optional.\n";
         exit 1;
     }
-    my $reason = $ARGV[2];
+    my $reason = $ARGV[1];
     $reason = " -crl_reason $reason"
         if defined $reason && crl_reason_ok($reason);
     $RET = run("$CA -revoke \"$cname\"" . $reason . $EXTRA{ca});