Commit f54167d1 authored by Dr. Stephen Henson's avatar Dr. Stephen Henson
Browse files

Use correct length when prompting for password. 

Use bufsiz - 1 not BUFSIZ - 1 when prompting for a password in
the openssl utility.

Thanks to Rob Mackinnon, Leviathan Security for reporting this issue.
(cherry picked from commit 7ba08a4d)
parent 6042582b

apps/apps.c

+2 −2
Original line number Diff line number Diff line
@@ -586,12 +586,12 @@ int password_callback(char *buf, int bufsiz, int verify, 


		if (ok >= 0)

			ok = UI_add_input_string(ui,prompt,ui_flags,buf,

				PW_MIN_LENGTH,BUFSIZ-1);

				PW_MIN_LENGTH,bufsiz-1);

		if (ok >= 0 && verify)

			{

			buff = (char *)OPENSSL_malloc(bufsiz);

			ok = UI_add_verify_string(ui,prompt,ui_flags,buff,

				PW_MIN_LENGTH,BUFSIZ-1, buf);

				PW_MIN_LENGTH,bufsiz-1, buf);

			}

		if (ok >= 0)

			do