summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorderaadt <>2016-08-30 11:32:28 +0000
committerderaadt <>2016-08-30 11:32:28 +0000
commitbd04155124d91da1b4f4e79547dcfb68cd14452c (patch)
tree1510ab05adac8eb32d97fc876015e28d91c2e7e3
parente4936398d0aef967f899fc30e8022af08da108c3 (diff)
downloadopenbsd-bd04155124d91da1b4f4e79547dcfb68cd14452c.tar.gz
openbsd-bd04155124d91da1b4f4e79547dcfb68cd14452c.tar.bz2
openbsd-bd04155124d91da1b4f4e79547dcfb68cd14452c.zip
buf[][] with strange use all over the place is ridiculous, especially
if buf[1] is never used. ok guenther beck
Diffstat
-rw-r--r--src/usr.bin/openssl/ca.c29
1 files changed, 14 insertions, 15 deletions
diff --git a/src/usr.bin/openssl/ca.c b/src/usr.bin/openssl/ca.c
index ba7b9413c2..206dd75efd 100644
--- a/src/usr.bin/openssl/ca.c
+++ b/src/usr.bin/openssl/ca.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ca.c,v 1.20 2015/12/24 16:54:37 mmcc Exp $ */ 1/* $OpenBSD: ca.c,v 1.21 2016/08/30 11:32:28 deraadt Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -280,8 +280,6 @@ ca_main(int argc, char **argv)
280 STACK_OF(CONF_VALUE) * attribs = NULL; 280 STACK_OF(CONF_VALUE) * attribs = NULL;
281 STACK_OF(X509) * cert_sk = NULL; 281 STACK_OF(X509) * cert_sk = NULL;
282 STACK_OF(OPENSSL_STRING) * sigopts = NULL; 282 STACK_OF(OPENSSL_STRING) * sigopts = NULL;
283#define BUFLEN 256
284 char buf[3][BUFLEN];
285 char *tofree = NULL; 283 char *tofree = NULL;
286 const char *errstr = NULL; 284 const char *errstr = NULL;
287 DB_ATTR db_attr; 285 DB_ATTR db_attr;
@@ -1079,15 +1077,16 @@ bad:
1079 1077
1080 if (sk_X509_num(cert_sk) > 0) { 1078 if (sk_X509_num(cert_sk) > 0) {
1081 if (!batch) { 1079 if (!batch) {
1080 char answer[10];
1081
1082 BIO_printf(bio_err, "\n%d out of %d certificate requests certified, commit? [y/n]", total_done, total); 1082 BIO_printf(bio_err, "\n%d out of %d certificate requests certified, commit? [y/n]", total_done, total);
1083 (void) BIO_flush(bio_err); 1083 (void) BIO_flush(bio_err);
1084 buf[0][0] = '\0'; 1084 if (!fgets(answer, sizeof answer - 1, stdin)) {
1085 if (!fgets(buf[0], 10, stdin)) {
1086 BIO_printf(bio_err, "CERTIFICATION CANCELED: I/O error\n"); 1085 BIO_printf(bio_err, "CERTIFICATION CANCELED: I/O error\n");
1087 ret = 0; 1086 ret = 0;
1088 goto err; 1087 goto err;
1089 } 1088 }
1090 if ((buf[0][0] != 'y') && (buf[0][0] != 'Y')) { 1089 if ((answer[0] != 'y') && (answer[0] != 'Y')) {
1091 BIO_printf(bio_err, "CERTIFICATION CANCELED\n"); 1090 BIO_printf(bio_err, "CERTIFICATION CANCELED\n");
1092 ret = 0; 1091 ret = 0;
1093 goto err; 1092 goto err;
@@ -1107,6 +1106,7 @@ bad:
1107 int k; 1106 int k;
1108 char *serialstr; 1107 char *serialstr;
1109 unsigned char *data; 1108 unsigned char *data;
1109 char pempath[PATH_MAX];
1110 1110
1111 x = sk_X509_value(cert_sk, i); 1111 x = sk_X509_value(cert_sk, i);
1112 1112
@@ -1117,10 +1117,10 @@ bad:
1117 else 1117 else
1118 serialstr = strdup("00"); 1118 serialstr = strdup("00");
1119 if (serialstr) { 1119 if (serialstr) {
1120 k = snprintf(buf[2], sizeof(buf[2]), 1120 k = snprintf(pempath, sizeof(pempath),
1121 "%s/%s.pem", outdir, serialstr); 1121 "%s/%s.pem", outdir, serialstr);
1122 free(serialstr); 1122 free(serialstr);
1123 if (k == -1 || k >= sizeof(buf[2])) { 1123 if (k == -1 || k >= sizeof(pempath)) {
1124 BIO_printf(bio_err, 1124 BIO_printf(bio_err,
1125 "certificate file name too long\n"); 1125 "certificate file name too long\n");
1126 goto err; 1126 goto err;
@@ -1131,10 +1131,10 @@ bad:
1131 goto err; 1131 goto err;
1132 } 1132 }
1133 if (verbose) 1133 if (verbose)
1134 BIO_printf(bio_err, "writing %s\n", buf[2]); 1134 BIO_printf(bio_err, "writing %s\n", pempath);
1135 1135
1136 if (BIO_write_filename(Cout, buf[2]) <= 0) { 1136 if (BIO_write_filename(Cout, pempath) <= 0) {
1137 perror(buf[2]); 1137 perror(pempath);
1138 goto err; 1138 goto err;
1139 } 1139 }
1140 write_new_certificate(Cout, x, 0, notext); 1140 write_new_certificate(Cout, x, 0, notext);
@@ -1507,7 +1507,6 @@ do_body(X509 ** xret, EVP_PKEY * pkey, X509 * x509, const EVP_MD * dgst,
1507 OPENSSL_STRING row[DB_NUMBER]; 1507 OPENSSL_STRING row[DB_NUMBER];
1508 OPENSSL_STRING *irow = NULL; 1508 OPENSSL_STRING *irow = NULL;
1509 OPENSSL_STRING *rrow = NULL; 1509 OPENSSL_STRING *rrow = NULL;
1510 char buf[25];
1511 1510
1512 tmptm = ASN1_UTCTIME_new(); 1511 tmptm = ASN1_UTCTIME_new();
1513 if (tmptm == NULL) { 1512 if (tmptm == NULL) {
@@ -1904,17 +1903,17 @@ again2:
1904 BIO_printf(bio_err, "\n"); 1903 BIO_printf(bio_err, "\n");
1905 1904
1906 if (!batch) { 1905 if (!batch) {
1906 char answer[25];
1907 1907
1908 BIO_printf(bio_err, "Sign the certificate? [y/n]:"); 1908 BIO_printf(bio_err, "Sign the certificate? [y/n]:");
1909 (void) BIO_flush(bio_err); 1909 (void) BIO_flush(bio_err);
1910 buf[0] = '\0'; 1910 if (!fgets(answer, sizeof(answer) - 1, stdin)) {
1911 if (!fgets(buf, sizeof(buf) - 1, stdin)) {
1912 BIO_printf(bio_err, 1911 BIO_printf(bio_err,
1913 "CERTIFICATE WILL NOT BE CERTIFIED: I/O error\n"); 1912 "CERTIFICATE WILL NOT BE CERTIFIED: I/O error\n");
1914 ok = 0; 1913 ok = 0;
1915 goto err; 1914 goto err;
1916 } 1915 }
1917 if (!((buf[0] == 'y') || (buf[0] == 'Y'))) { 1916 if (!((answer[0] == 'y') || (answer[0] == 'Y'))) {
1918 BIO_printf(bio_err, 1917 BIO_printf(bio_err,
1919 "CERTIFICATE WILL NOT BE CERTIFIED\n"); 1918 "CERTIFICATE WILL NOT BE CERTIFIED\n");
1920 ok = 0; 1919 ok = 0;
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-03-20 10:38:39 +0000