From: Richard Levitte <levitte@openssl.org>
Date: Thu, 11 Jul 2002 09:12:29 +0000 (+0000)
Subject: In UI_UTIL_read_pw(), we should look at the size parameter, not at BUFSIZ.
X-Git-Tag: OpenSSL_0_9_6e~26^2~11
X-Git-Url: https://git.openssl.org/gitweb/?a=commitdiff_plain;ds=inline;h=b57c98df7b10234b185ef3c74be021a66eb52f10;p=openssl.git

In UI_UTIL_read_pw(), we should look at the size parameter, not at BUFSIZ.
Submitted by Götz Babin-Ebell <babinebell@trustcenter.de>
---

diff --git a/crypto/ui/ui_util.c b/crypto/ui/ui_util.c
index 7c6f7d3a73..f05573df33 100644
--- a/crypto/ui/ui_util.c
+++ b/crypto/ui/ui_util.c
@@ -71,12 +71,15 @@ int UI_UTIL_read_pw(char *buf,char *buff,int size,const char *prompt,int verify)
 	int ok = 0;
 	UI *ui;
 
+	if (size < 1)
+		return -1;
+
 	ui = UI_new();
 	if (ui)
 		{
-		ok = UI_add_input_string(ui,prompt,0,buf,0,BUFSIZ-1);
+		ok = UI_add_input_string(ui,prompt,0,buf,0,size-1);
 		if (ok == 0 && verify)
-			ok = UI_add_verify_string(ui,prompt,0,buff,0,BUFSIZ-1,
+			ok = UI_add_verify_string(ui,prompt,0,buff,0,size-1,
 				buf);
 		if (ok == 0)
 			ok=UI_process(ui);