in CONF_get1_default_config_file(), don't calculate a buffer size,

malloc it, do unbounded strlcpy's to it... but instead of asnprintf. While there, let's put a '/' between the two path components! Wonder how old that bug is.. ok guenther
author: deraadt <> 2014-04-18 13:38:31 +0000
committer: deraadt <> 2014-04-18 13:38:31 +0000
commit: 5495eb5660952738d99af143df896cb3e1cc8c25 (patch)
tree: bc986a8217b7fd70ac6b1b70cc8f6b509c7b27c1 /src
parent: f36b76e108bb517b3a4c3c39496572d8efeb0e33 (diff)
download: openbsd-5495eb5660952738d99af143df896cb3e1cc8c25.tar.gz
openbsd-5495eb5660952738d99af143df896cb3e1cc8c25.tar.bz2
openbsd-5495eb5660952738d99af143df896cb3e1cc8c25.zip
2 files changed, 10 insertions, 30 deletions
diff --git a/src/lib/libcrypto/conf/conf_mod.c b/src/lib/libcrypto/conf/conf_mod.c
index ca7b5e697a..436f239b12 100644
--- a/src/lib/libcrypto/conf/conf_mod.c
+++ b/src/lib/libcrypto/conf/conf_mod.c
@@ -543,27 +543,17 @@ void CONF_module_set_usr_data(CONF_MODULE *pmod, void *usr_data)
 /* Return default config file name */
-char *CONF_get1_default_config_file(void)
+char *
-        {
+CONF_get1_default_config_file(void)
+{
        char *file;
-        int len;
        file = getenv("OPENSSL_CONF");
        if (file) 
                return BUF_strdup(file);
+        asprintf(&file, "%s/openssl.cnf", X509_get_default_cert_area());
-        len = strlen(X509_get_default_cert_area());
-        len += strlen(OPENSSL_CONF);
-        file = malloc(len + 1);
-        if (!file)
-                return NULL;
-        BUF_strlcpy(file,X509_get_default_cert_area(),len + 1);
-        BUF_strlcat(file,OPENSSL_CONF,len + 1);
        return file;
-        }
+}
 /* This function takes a list separated by 'sep' and calls the
 * callback function giving the start and length of each member
diff --git a/src/lib/libssl/src/crypto/conf/conf_mod.c b/src/lib/libssl/src/crypto/conf/conf_mod.c
index ca7b5e697a..436f239b12 100644
--- a/src/lib/libssl/src/crypto/conf/conf_mod.c
+++ b/src/lib/libssl/src/crypto/conf/conf_mod.c
@@ -543,27 +543,17 @@ void CONF_module_set_usr_data(CONF_MODULE *pmod, void *usr_data)
 /* Return default config file name */
-char *CONF_get1_default_config_file(void)
+char *
-        {
+CONF_get1_default_config_file(void)
+{
        char *file;
-        int len;
        file = getenv("OPENSSL_CONF");
        if (file) 
                return BUF_strdup(file);
+        asprintf(&file, "%s/openssl.cnf", X509_get_default_cert_area());
-        len = strlen(X509_get_default_cert_area());
-        len += strlen(OPENSSL_CONF);
-        file = malloc(len + 1);
-        if (!file)
-                return NULL;
-        BUF_strlcpy(file,X509_get_default_cert_area(),len + 1);
-        BUF_strlcat(file,OPENSSL_CONF,len + 1);
        return file;
-        }
+}
 /* This function takes a list separated by 'sep' and calls the
 * callback function giving the start and length of each member
author	deraadt <>	2014-04-18 13:38:31 +0000
committer	deraadt <>	2014-04-18 13:38:31 +0000
commit	5495eb5660952738d99af143df896cb3e1cc8c25 (patch)
tree	bc986a8217b7fd70ac6b1b70cc8f6b509c7b27c1 /src
parent	f36b76e108bb517b3a4c3c39496572d8efeb0e33 (diff)
download	openbsd-5495eb5660952738d99af143df896cb3e1cc8c25.tar.gz openbsd-5495eb5660952738d99af143df896cb3e1cc8c25.tar.bz2 openbsd-5495eb5660952738d99af143df896cb3e1cc8c25.zip

diff --git a/src/lib/libcrypto/conf/conf_mod.c b/src/lib/libcrypto/conf/conf_mod.c index ca7b5e697a..436f239b12 100644 --- a/src/lib/libcrypto/conf/conf_mod.c +++ b/src/lib/libcrypto/conf/conf_mod.c
@@ -543,27 +543,17 @@ void CONF_module_set_usr_data(CONF_MODULE pmod, void usr_data)
543		543
544	/* Return default config file name */	544	/* Return default config file name */
545		545
546	char *CONF_get1_default_config_file(void)	546	char *
547	{	547	CONF_get1_default_config_file(void)
		548	{
548	char *file;	549	char *file;
549	int len;
550		550
551	file = getenv("OPENSSL_CONF");	551	file = getenv("OPENSSL_CONF");
552	if (file)	552	if (file)
553	return BUF_strdup(file);	553	return BUF_strdup(file);
554		554	asprintf(&file, "%s/openssl.cnf", X509_get_default_cert_area());
555	len = strlen(X509_get_default_cert_area());
556	len += strlen(OPENSSL_CONF);
557
558	file = malloc(len + 1);
559
560	if (!file)
561	return NULL;
562	BUF_strlcpy(file,X509_get_default_cert_area(),len + 1);
563	BUF_strlcat(file,OPENSSL_CONF,len + 1);
564
565	return file;	555	return file;
566	}	556	}
567		557
568	/* This function takes a list separated by 'sep' and calls the	558	/* This function takes a list separated by 'sep' and calls the
569	* callback function giving the start and length of each member	559	* callback function giving the start and length of each member


diff --git a/src/lib/libssl/src/crypto/conf/conf_mod.c b/src/lib/libssl/src/crypto/conf/conf_mod.c index ca7b5e697a..436f239b12 100644 --- a/src/lib/libssl/src/crypto/conf/conf_mod.c +++ b/src/lib/libssl/src/crypto/conf/conf_mod.c
@@ -543,27 +543,17 @@ void CONF_module_set_usr_data(CONF_MODULE pmod, void usr_data)
543		543
544	/* Return default config file name */	544	/* Return default config file name */
545		545
546	char *CONF_get1_default_config_file(void)	546	char *
547	{	547	CONF_get1_default_config_file(void)
		548	{
548	char *file;	549	char *file;
549	int len;
550		550
551	file = getenv("OPENSSL_CONF");	551	file = getenv("OPENSSL_CONF");
552	if (file)	552	if (file)
553	return BUF_strdup(file);	553	return BUF_strdup(file);
554		554	asprintf(&file, "%s/openssl.cnf", X509_get_default_cert_area());
555	len = strlen(X509_get_default_cert_area());
556	len += strlen(OPENSSL_CONF);
557
558	file = malloc(len + 1);
559
560	if (!file)
561	return NULL;
562	BUF_strlcpy(file,X509_get_default_cert_area(),len + 1);
563	BUF_strlcat(file,OPENSSL_CONF,len + 1);
564
565	return file;	555	return file;
566	}	556	}
567		557
568	/* This function takes a list separated by 'sep' and calls the	558	/* This function takes a list separated by 'sep' and calls the
569	* callback function giving the start and length of each member	559	* callback function giving the start and length of each member