# else
# include <unixlib.h>
# endif
-# elif !defined(OPENSSL_SYS_VXWORKS)
+# elif !defined(OPENSSL_SYS_VXWORKS) && !defined(OPENSSL_SYS_WINDOWS)
# include <sys/file.h>
# endif
#endif
" -extensions .. - Extension section (override value in config file)\n",
" -extfile file - Configuration file with X509v3 extentions to add\n",
" -crlexts .. - CRL extension section (override value in config file)\n",
+#ifndef OPENSSL_NO_ENGINE
" -engine e - use engine e, possibly a hardware device.\n",
+#endif
" -status serial - Shows certificate status given the serial number\n",
" -updatedb - Updates db for expired certificates\n",
NULL
#define BSIZE 256
MS_STATIC char buf[3][BSIZE];
char *randfile=NULL;
+#ifndef OPENSSL_NO_ENGINE
char *engine = NULL;
+#endif
+ char *tofree=NULL;
#ifdef EFENCE
EF_PROTECT_FREE=1;
rev_arg = *(++argv);
rev_type = REV_CA_COMPROMISE;
}
+#ifndef OPENSSL_NO_ENGINE
else if (strcmp(*argv,"-engine") == 0)
{
if (--argc < 1) goto bad;
engine= *(++argv);
}
+#endif
else
{
bad:
ERR_load_crypto_strings();
- e = setup_engine(bio_err, engine, 0);
+#ifndef OPENSSL_NO_ENGINE
+ e = setup_engine(bio_err, engine, 0);
+#endif
/*****************************************************************/
+ tofree=NULL;
if (configfile == NULL) configfile = getenv("OPENSSL_CONF");
if (configfile == NULL) configfile = getenv("SSLEAY_CONF");
if (configfile == NULL)
{
- /* We will just use 'buf[0]' as a temporary buffer. */
+ const char *s=X509_get_default_cert_area();
+
#ifdef OPENSSL_SYS_VMS
- strncpy(buf[0],X509_get_default_cert_area(),
- sizeof(buf[0])-1-sizeof(CONFIG_FILE));
+ tofree=OPENSSL_malloc(strlen(s)+sizeof(CONFIG_FILE));
+ strcpy(tofree,s);
#else
- strncpy(buf[0],X509_get_default_cert_area(),
- sizeof(buf[0])-2-sizeof(CONFIG_FILE));
- buf[0][sizeof(buf[0])-2-sizeof(CONFIG_FILE)]='\0';
- strcat(buf[0],"/");
+ tofree=OPENSSL_malloc(strlen(s)+sizeof(CONFIG_FILE)+1);
+ strcpy(tofree,s);
+ strcat(tofree,"/");
#endif
- strcat(buf[0],CONFIG_FILE);
- configfile=buf[0];
+ strcat(tofree,CONFIG_FILE);
+ configfile=tofree;
}
BIO_printf(bio_err,"Using configuration from %s\n",configfile);
,errorline,configfile);
goto err;
}
+ if(tofree)
+ {
+ OPENSSL_free(tofree);
+ tofree = NULL;
+ }
if (!load_config(bio_err, conf))
goto err;
}
pkey = load_key(bio_err, keyfile, keyform, 0, key, e,
"CA private key");
- if (key) memset(key,0,strlen(key));
+ if (key) OPENSSL_cleanse(key,strlen(key));
if (pkey == NULL)
{
/* load_key() has already printed an appropriate message */
}
if (verbose)
- BIO_printf(bio_err, "Succesfully loaded extensions file %s\n", extfile);
+ BIO_printf(bio_err, "Successfully loaded extensions file %s\n", extfile);
/* We can have sections in the ext file */
if (!extensions && !(extensions = NCONF_get_string(extconf, "default", "extensions")))
BIO_printf(bio_err,"Write out database with %d new entries\n",sk_X509_num(cert_sk));
- strncpy(buf[0],serialfile,BSIZE-4);
- buf[0][BSIZE-4]='\0';
+ if(strlen(serialfile) > BSIZE-5 || strlen(dbfile) > BSIZE-5)
+ {
+ BIO_printf(bio_err,"file name too long\n");
+ goto err;
+ }
+
+ strcpy(buf[0],serialfile);
#ifdef OPENSSL_SYS_VMS
strcat(buf[0],"-new");
if (!save_serial(buf[0],serial)) goto err;
- strncpy(buf[1],dbfile,BSIZE-4);
- buf[1][BSIZE-4]='\0';
+ strcpy(buf[1],dbfile);
#ifdef OPENSSL_SYS_VMS
strcat(buf[1],"-new");
j=x->cert_info->serialNumber->length;
p=(char *)x->cert_info->serialNumber->data;
- strncpy(buf[2],outdir,BSIZE-(j*2)-6);
- buf[2][BSIZE-(j*2)-6]='\0';
+ if(strlen(outdir) >= (size_t)(j ? BSIZE-j*2-6 : BSIZE-8))
+ {
+ BIO_printf(bio_err,"certificate file name too long\n");
+ goto err;
+ }
+
+ strcpy(buf[2],outdir);
#ifndef OPENSSL_SYS_VMS
strcat(buf[2],"/");
if (j <= 0) goto err;
X509_free(revcert);
- strncpy(buf[0],dbfile,BSIZE-4);
- buf[0][BSIZE-4]='\0';
+ if(strlen(dbfile) > BSIZE-5)
+ {
+ BIO_printf(bio_err,"filename too long\n");
+ goto err;
+ }
+
+ strcpy(buf[0],dbfile);
#ifndef OPENSSL_SYS_VMS
strcat(buf[0],".new");
#else
/*****************************************************************/
ret=0;
err:
+ if(tofree)
+ OPENSSL_free(tofree);
BIO_free_all(Cout);
BIO_free_all(Sout);
BIO_free_all(out);
BIO_free_all(in);
- sk_X509_pop_free(cert_sk,X509_free);
+ if (cert_sk)
+ sk_X509_pop_free(cert_sk,X509_free);
if (ret) ERR_print_errors(bio_err);
app_RAND_write_file(randfile, bio_err);
- if (free_key)
+ if (free_key && key)
OPENSSL_free(key);
BN_free(serial);
TXT_DB_free(db);
NCONF_free(conf);
OBJ_cleanup();
apps_shutdown();
- EXIT(ret);
+ OPENSSL_EXIT(ret);
}
static void lookup_fail(char *name, char *tag)
projects / openssl.git / blobdiff