Fix double calls to strlen (f6c460e8) · Commits · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP OpenSSL

apps/ca.c

+7 −6

Original line number	Diff line number	Diff line
		@@ -2137,27 +2137,28 @@ static int get_certificate_status(const char serial, CA_DB db)
		{
		char row[DB_NUMBER], *rrow;
		int ok = -1, i;
		size_t serial_len = strlen(serial);

		/* Free Resources */
		for (i = 0; i < DB_NUMBER; i++)
		row[i] = NULL;

		/* Malloc needed char spaces */
		row[DB_serial] = app_malloc(strlen(serial) + 2, "row serial#");
		row[DB_serial] = app_malloc(serial_len + 2, "row serial#");

		if (strlen(serial) % 2) {
		if (serial_len % 2) {
		/*
		* Set the first char to 0
		*/ ;
		row[DB_serial][0] = '0';

		/* Copy String from serial to row[DB_serial] */
		memcpy(row[DB_serial] + 1, serial, strlen(serial));
		row[DB_serial][strlen(serial) + 1] = '\0';
		memcpy(row[DB_serial] + 1, serial, serial_len);
		row[DB_serial][serial_len + 1] = '\0';
		} else {
		/* Copy String from serial to row[DB_serial] */
		memcpy(row[DB_serial], serial, strlen(serial));
		row[DB_serial][strlen(serial)] = '\0';
		memcpy(row[DB_serial], serial, serial_len);
		row[DB_serial][serial_len] = '\0';
		}

		/* Make it Upper Case */

+4 −2

Original line number	Diff line number	Diff line
		@@ -382,6 +382,8 @@ int enc_main(int argc, char **argv)
		* output BIO. If decrypting read salt from input BIO.
		*/
		unsigned char *sptr;
		size_t str_len = strlen(str);

		if (nosalt)
		sptr = NULL;
		else {
		@@ -421,7 +423,7 @@ int enc_main(int argc, char **argv)

		if (!EVP_BytesToKey(cipher, dgst, sptr,
		(unsigned char *)str,
		strlen(str), 1, key, iv)) {
		str_len, 1, key, iv)) {
		BIO_printf(bio_err, "EVP_BytesToKey failed\n");
		goto end;
		}
		@@ -432,7 +434,7 @@ int enc_main(int argc, char **argv)
		if (str == strbuf)
		OPENSSL_cleanse(str, SIZE);
		else
		OPENSSL_cleanse(str, strlen(str));
		OPENSSL_cleanse(str, str_len);
		}
		if (hiv != NULL) {
		int siz = EVP_CIPHER_iv_length(cipher);

+15 −7

Original line number	Diff line number	Diff line
		@@ -288,26 +288,35 @@ static char md5crypt(const char passwd, const char magic, const char salt)
		int n;
		unsigned int i;
		EVP_MD_CTX md = NULL, md2 = NULL;
		size_t passwd_len, salt_len;
		size_t passwd_len, salt_len, magic_len;

		passwd_len = strlen(passwd);
		out_buf[0] = '$';
		out_buf[1] = 0;
		assert(strlen(magic) <= 4); /* "1" or "apr1" */
		magic_len = strlen(magic);

		if (magic_len > 4) /* assert it's "1" or "apr1" */
		return NULL;

		OPENSSL_strlcat(out_buf, magic, sizeof out_buf);
		OPENSSL_strlcat(out_buf, "$", sizeof out_buf);
		OPENSSL_strlcat(out_buf, salt, sizeof out_buf);
		assert(strlen(out_buf) <= 6 + 8); /* "$apr1$..salt.." */
		salt_out = out_buf + 2 + strlen(magic);

		if (strlen(out_buf) > 6 + 8); /* assert "$apr1$..salt.." */
		return NULL;

		salt_out = out_buf + 2 + magic_len;
		salt_len = strlen(salt_out);
		assert(salt_len <= 8);

		if (salt_len > 8)
		return NULL;

		md = EVP_MD_CTX_new();
		if (md == NULL
		\|\| !EVP_DigestInit_ex(md, EVP_md5(), NULL)
		\|\| !EVP_DigestUpdate(md, passwd, passwd_len)
		\|\| !EVP_DigestUpdate(md, "$", 1)
		\|\| !EVP_DigestUpdate(md, magic, strlen(magic))
		\|\| !EVP_DigestUpdate(md, magic, magic_len)
		\|\| !EVP_DigestUpdate(md, "$", 1)
		\|\| !EVP_DigestUpdate(md, salt_out, salt_len))

		@@ -365,7 +374,6 @@ static char md5crypt(const char passwd, const char magic, const char salt)

		{
		/* transform buf into output string */

		unsigned char buf_perm[sizeof buf];
		int dest, source;
		char *output;