Skip to content
Commit 0870b2cd authored by Diego Santa Cruz's avatar Diego Santa Cruz Committed by Andy Polyakov
Browse files

Fix srp app missing NULL termination with password callback



The password_callback() function does not necessarily NULL terminate
the password buffer, the caller must use the returned length but the
srp app uses this function as if it was doing NULL termination.

This made the -passin and -passout options of "openssl srp"
fail inexpicably and randomly or even crash.

Fixed by enlarging the buffer by one, so that the maximum password length
remains unchanged, and adding NULL termination upon return.

[Rearrange code for coding style compliance in process.]

Reviewed-by: default avatarMatt Caswell <matt@openssl.org>
Reviewed-by: default avatarAndy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3475)

(cherry picked from commit 0e83981d)
parent c7f6ec9e
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment