diff options
author | Richard Levitte <levitte@openssl.org> | 2002-02-28 12:42:19 +0000 |
---|---|---|
committer | Richard Levitte <levitte@openssl.org> | 2002-02-28 12:42:19 +0000 |
commit | 26414ee013170f2d8e42b1995dbb30c03e7ed16c (patch) | |
tree | 8c063e88267e1cc018fb3a71a74b35962249702f /crypto | |
parent | 5c62f68e14f38101e2a1dd969b1d5f587a16bfdb (diff) | |
download | openssl-26414ee013170f2d8e42b1995dbb30c03e7ed16c.tar.gz |
Increase internal security when using strncpy, by making sure the resulting string is NUL-terminated
Diffstat (limited to 'crypto')
-rw-r--r-- | crypto/des/des.c | 3 | ||||
-rw-r--r-- | crypto/evp/evp_key.c | 3 | ||||
-rw-r--r-- | crypto/x509/x509_obj.c | 1 |
3 files changed, 7 insertions, 0 deletions
diff --git a/crypto/des/des.c b/crypto/des/des.c index a03ce161af..d8c846b23d 100644 --- a/crypto/des/des.c +++ b/crypto/des/des.c @@ -153,12 +153,14 @@ int main(int argc, char **argv) case 'c': cflag=1; strncpy(cksumname,p,200); + cksumname[sizeof(cksumname)-1]='\0'; p+=strlen(cksumname); break; case 'C': cflag=1; longk=1; strncpy(cksumname,p,200); + cksumname[sizeof(cksumname)-1]='\0'; p+=strlen(cksumname); break; case 'e': @@ -190,6 +192,7 @@ int main(int argc, char **argv) case 'u': uflag=1; strncpy(uuname,p,200); + uuname[sizeof(uuname)-1]='\0'; p+=strlen(uuname); break; case 'h': diff --git a/crypto/evp/evp_key.c b/crypto/evp/evp_key.c index 9d9b0af8de..4271393069 100644 --- a/crypto/evp/evp_key.c +++ b/crypto/evp/evp_key.c @@ -71,7 +71,10 @@ void EVP_set_pw_prompt(char *prompt) if (prompt == NULL) prompt_string[0]='\0'; else + { strncpy(prompt_string,prompt,79); + prompt_string[79]='\0'; + } } char *EVP_get_pw_prompt(void) diff --git a/crypto/x509/x509_obj.c b/crypto/x509/x509_obj.c index f0271fdfa1..1e718f76eb 100644 --- a/crypto/x509/x509_obj.c +++ b/crypto/x509/x509_obj.c @@ -94,6 +94,7 @@ int i; OPENSSL_free(b); } strncpy(buf,"NO X509_NAME",len); + buf[len-1]='\0'; return buf; } |