From 7606c231c9e056822c4613c7617390bcdb822108 Mon Sep 17 00:00:00 2001
From: FdaSilvaYY <fdasilvayy@gmail.com>
Date: Tue, 5 Jul 2016 19:48:23 +0200
Subject: Simplify buffer limit checking, and reuse BIO_snprintf returned
 value.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1284)
---
 apps/s_time.c | 26 ++++++++++++++------------
 1 file changed, 14 insertions(+), 12 deletions(-)

diff --git a/apps/s_time.c b/apps/s_time.c
index ecab515b1f..a08a14d83a 100644
--- a/apps/s_time.c
+++ b/apps/s_time.c
@@ -41,8 +41,6 @@
 #undef BUFSIZZ
 #define BUFSIZZ 1024*10
 
-#define MYBUFSIZ 1024*8
-
 #undef min
 #undef max
 #define min(a,b) (((a) < (b)) ? (a) : (b))
@@ -57,6 +55,8 @@ extern int verify_error;
 
 static SSL *doConnection(SSL *scon, const char *host, SSL_CTX *ctx);
 
+static const char fmt_http_get_cmd[] = "GET %s HTTP/1.0\r\n\r\n";
+
 typedef enum OPTION_choice {
     OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
     OPT_CONNECT, OPT_CIPHER, OPT_CERT, OPT_KEY, OPT_CAPATH,
@@ -109,11 +109,11 @@ int s_time_main(int argc, char **argv)
     char *host = SSL_CONNECT_NAME, *certfile = NULL, *keyfile = NULL, *prog;
     double totalTime = 0.0;
     int noCApath = 0, noCAfile = 0;
-    int maxtime = SECONDS, nConn = 0, perform = 3, ret = 1, i, st_bugs =
-        0, ver;
+    int maxtime = SECONDS, nConn = 0, perform = 3, ret = 1, i, st_bugs = 0;
     long bytes_read = 0, finishtime = 0;
     OPTION_CHOICE o;
-    int max_version = 0;
+    int max_version = 0, ver, buf_len;
+    size_t buf_size;
 
     meth = TLS_client_method();
     verify_depth = 0;
@@ -176,8 +176,9 @@ int s_time_main(int argc, char **argv)
             break;
         case OPT_WWW:
             www_path = opt_arg();
-            if (strlen(www_path) > MYBUFSIZ - 100) {
-                BIO_printf(bio_err, "%s: -www option too long\n", prog);
+            buf_size = strlen(www_path) + sizeof(fmt_http_get_cmd) - 2;  /* 2 is for %s */
+            if (buf_size > sizeof(buf)) {
+                BIO_printf(bio_err, "%s: -www option is too long\n", prog);
                 goto end;
             }
             break;
@@ -232,9 +233,9 @@ int s_time_main(int argc, char **argv)
             goto end;
 
         if (www_path != NULL) {
-            BIO_snprintf(buf, sizeof buf, "GET %s HTTP/1.0\r\n\r\n",
-                         www_path);
-            if (SSL_write(scon, buf, strlen(buf)) <= 0)
+            buf_len = BIO_snprintf(buf, sizeof buf,
+                                   fmt_http_get_cmd, www_path);
+            if (SSL_write(scon, buf, buf_len) <= 0)
                 goto end;
             while ((i = SSL_read(scon, buf, sizeof(buf))) > 0)
                 bytes_read += i;
@@ -290,8 +291,9 @@ int s_time_main(int argc, char **argv)
     }
 
     if (www_path != NULL) {
-        BIO_snprintf(buf, sizeof buf, "GET %s HTTP/1.0\r\n\r\n", www_path);
-        if (SSL_write(scon, buf, strlen(buf)) <= 0)
+        buf_len = BIO_snprintf(buf, sizeof buf,
+                               fmt_http_get_cmd, www_path);
+        if (SSL_write(scon, buf, buf_len) <= 0)
             goto end;
         while (SSL_read(scon, buf, sizeof(buf)) > 0)
             continue;
-- 
cgit v1.2.3