From: Dr. Stephen Henson <steve@openssl.org>
Date: Fri, 4 Apr 2014 11:44:43 +0000 (+0100)
Subject: Use correct length when prompting for password.
X-Git-Tag: master-post-reformat~880
X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff_plain;h=7ba08a4d73c1bdfd3aced09a628b1d7d7747cdca;hp=dbb7654dc189992966ecd95ca66f7a3bb011ab9b

Use correct length when prompting for password.

Use bufsiz - 1 not BUFSIZ - 1 when prompting for a password in
the openssl utility.

Thanks to Rob Mackinnon, Leviathan Security for reporting this issue.
---

diff --git a/apps/apps.c b/apps/apps.c
index b99996e944..b82882aa0c 100644
--- a/apps/apps.c
+++ b/apps/apps.c
@@ -588,12 +588,12 @@ int password_callback(char *buf, int bufsiz, int verify,
 
 		if (ok >= 0)
 			ok = UI_add_input_string(ui,prompt,ui_flags,buf,
-				PW_MIN_LENGTH,BUFSIZ-1);
+				PW_MIN_LENGTH,bufsiz-1);
 		if (ok >= 0 && verify)
 			{
 			buff = (char *)OPENSSL_malloc(bufsiz);
 			ok = UI_add_verify_string(ui,prompt,ui_flags,buff,
-				PW_MIN_LENGTH,BUFSIZ-1, buf);
+				PW_MIN_LENGTH,bufsiz-1, buf);
 			}
 		if (ok >= 0)
 			do