In UI_UTIL_read_pw(), we should look at the size parameter, not at BUFSIZ.
authorRichard Levitte <levitte@openssl.org>
Thu, 11 Jul 2002 09:12:29 +0000 (09:12 +0000)
committerRichard Levitte <levitte@openssl.org>
Thu, 11 Jul 2002 09:12:29 +0000 (09:12 +0000)
Submitted by Götz Babin-Ebell <babinebell@trustcenter.de>

crypto/ui/ui_util.c

index 7c6f7d3..f05573d 100644 (file)
@@ -71,12 +71,15 @@ int UI_UTIL_read_pw(char *buf,char *buff,int size,const char *prompt,int verify)
        int ok = 0;
        UI *ui;
 
+       if (size < 1)
+               return -1;
+
        ui = UI_new();
        if (ui)
                {
-               ok = UI_add_input_string(ui,prompt,0,buf,0,BUFSIZ-1);
+               ok = UI_add_input_string(ui,prompt,0,buf,0,size-1);
                if (ok == 0 && verify)
-                       ok = UI_add_verify_string(ui,prompt,0,buff,0,BUFSIZ-1,
+                       ok = UI_add_verify_string(ui,prompt,0,buff,0,size-1,
                                buf);
                if (ok == 0)
                        ok=UI_process(ui);