From 4692eff0d0561807c5e064b06ced6191dc6fbbda Mon Sep 17 00:00:00 2001
From: deraadt <>
Date: Fri, 4 Apr 2003 18:34:45 +0000
Subject: incorrect bounds limit; spotted by ho

---
 src/lib/libssl/src/apps/x509.c | 14 ++++++++------
 1 file changed, 8 insertions(+), 6 deletions(-)

diff --git a/src/lib/libssl/src/apps/x509.c b/src/lib/libssl/src/apps/x509.c
index 3ff4b62481..bc280d2c39 100644
--- a/src/lib/libssl/src/apps/x509.c
+++ b/src/lib/libssl/src/apps/x509.c
@@ -1026,24 +1026,26 @@ static ASN1_INTEGER *load_serial(char *CAfile, char *serialfile, int create)
 	ASN1_INTEGER *bs = NULL, *bs2 = NULL;
 	BIO *io = NULL;
 	BIGNUM *serial = NULL;
+	size_t len;
 
-	buf=OPENSSL_malloc( ((serialfile == NULL)
-			?(strlen(CAfile)+strlen(POSTFIX)+1)
-			:(strlen(serialfile)))+1);
+	len = ((serialfile == NULL)
+		?(strlen(CAfile)+strlen(POSTFIX)+1)
+		:(strlen(serialfile)))+1);
+	buf=OPENSSL_malloc(len);
 	if (buf == NULL) { BIO_printf(bio_err,"out of mem\n"); goto end; }
 	if (serialfile == NULL)
 		{
-		strlcpy(buf,CAfile,sizeof buf);
+		strlcpy(buf,CAfile,len);
 		for (p=buf; *p; p++)
 			if (*p == '.')
 				{
 				*p='\0';
 				break;
 				}
-		strcat(buf,POSTFIX);
+		strlcat(buf,POSTFIX,len);
 		}
 	else
-		strlcpy(buf,serialfile,sizeof buf);
+		strlcpy(buf,serialfile,len);
 	serial=BN_new();
 	bs=ASN1_INTEGER_new();
 	if ((serial == NULL) || (bs == NULL))
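Review bot: The new `len` assignment has one closing parenthesis too many: the `)` that used to close the `OPENSSL_malloc(` call was carried over onto the `:(strlen(serialfile)))+1);` line, so the statement as shown does not parse. That line should end `:(strlen(serialfile)))+1;`. With that corrected, `len` equals the allocated size, so the `strlcpy`/`strlcat` calls are bounded by the real buffer length rather than by `sizeof buf`, which would be the size of a pointer if `buf` is a `char *` (its declaration is outside the hunk). A short comment above the assignment, such as `/* len = allocated size of buf, including the terminating NUL */`, would help keep later edits from reintroducing `sizeof buf`. The body of load_serial starts before and continues past this hunk.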
-- 
cgit v1.2.3-55-g6feb