From 715a2c58fe812af3f07885ee27a3fc208e84c5ce Mon Sep 17 00:00:00 2001 From: beck <> Date: Mon, 14 Apr 2014 18:53:14 +0000 Subject: Flense all use of BIO_snprintf from ssl source - use the real one instead, and allow for the normal posix mandated return values instead of the nonstandard one from BIO_snprintf. ok miod@ --- src/lib/libssl/d1_pkt.c | 2 +- src/lib/libssl/src/ssl/d1_pkt.c | 2 +- src/lib/libssl/src/ssl/kssl.c | 36 ++++++++++++++++++------------------ src/lib/libssl/src/ssl/kssl.h | 4 ++-- src/lib/libssl/src/ssl/ssl_ciph.c | 11 +++++++---- src/lib/libssl/src/ssl/ssltest.c | 8 ++++---- src/lib/libssl/ssl_ciph.c | 11 +++++++---- 7 files changed, 40 insertions(+), 34 deletions(-) (limited to 'src/lib') diff --git a/src/lib/libssl/d1_pkt.c b/src/lib/libssl/d1_pkt.c index 830dc2d2d0..cb5f2c3199 100644 --- a/src/lib/libssl/d1_pkt.c +++ b/src/lib/libssl/d1_pkt.c @@ -1117,7 +1117,7 @@ start: s->rwstate = SSL_NOTHING; s->s3->fatal_alert = alert_descr; SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_AD_REASON_OFFSET + alert_descr); - BIO_snprintf(tmp, sizeof tmp, "%d", alert_descr); + (void) snprintf(tmp,sizeof tmp,"%d",alert_descr); ERR_add_error_data(2, "SSL alert number ", tmp); s->shutdown|=SSL_RECEIVED_SHUTDOWN; SSL_CTX_remove_session(s->ctx, s->session); diff --git a/src/lib/libssl/src/ssl/d1_pkt.c b/src/lib/libssl/src/ssl/d1_pkt.c index 830dc2d2d0..cb5f2c3199 100644 --- a/src/lib/libssl/src/ssl/d1_pkt.c +++ b/src/lib/libssl/src/ssl/d1_pkt.c @@ -1117,7 +1117,7 @@ start: s->rwstate = SSL_NOTHING; s->s3->fatal_alert = alert_descr; SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_AD_REASON_OFFSET + alert_descr); - BIO_snprintf(tmp, sizeof tmp, "%d", alert_descr); + (void) snprintf(tmp,sizeof tmp,"%d",alert_descr); ERR_add_error_data(2, "SSL alert number ", tmp); s->shutdown|=SSL_RECEIVED_SHUTDOWN; SSL_CTX_remove_session(s->ctx, s->session); diff --git a/src/lib/libssl/src/ssl/kssl.c b/src/lib/libssl/src/ssl/kssl.c index 2bbe3ab647..83afa97f03 100644 --- a/src/lib/libssl/src/ssl/kssl.c +++ b/src/lib/libssl/src/ssl/kssl.c @@ -273,7 +273,7 @@ unsigned char /* Set kssl_err error info when reason text is a simple string -** kssl_err = struct { int reason; char text[KSSL_ERR_MAX+1]; } +** kssl_err = struct { int reason; char text[KSSL_ERR_MAX]; } */ void kssl_err_set(KSSL_ERR *kssl_err, int reason, char *text) @@ -282,7 +282,7 @@ kssl_err_set(KSSL_ERR *kssl_err, int reason, char *text) return; kssl_err->reason = reason; - BIO_snprintf(kssl_err->text, KSSL_ERR_MAX, "%s", text); + (void) snprintf(kssl_err->text, KSSL_ERR_MAX, "%s", text); return; } @@ -420,20 +420,20 @@ kssl_cget_tkt( } if ((krb5rc = krb5_init_context(&krb5context)) != 0) { - BIO_snprintf(kssl_err->text,KSSL_ERR_MAX, + (void) snprintf(kssl_err->text,KSSL_ERR_MAX, "krb5_init_context() fails: %d\n", krb5rc); kssl_err->reason = SSL_R_KRB5_C_INIT; goto err; } - if ((krb5rc = krb5_sname_to_principal( - krb5context, kssl_ctx->service_host, - (kssl_ctx->service_name) ? kssl_ctx->service_name : KRB5SVC, - KRB5_NT_SRV_HST, &krb5creds.server)) != 0) { - BIO_snprintf(kssl_err->text,KSSL_ERR_MAX, + if ((krb5rc = krb5_sname_to_principal(krb5context, + kssl_ctx->service_host, + (kssl_ctx->service_name)? kssl_ctx->service_name: KRB5SVC, + KRB5_NT_SRV_HST, &krb5creds.server)) != 0) { + (void) snprintf(kssl_err->text,KSSL_ERR_MAX, "krb5_sname_to_principal() fails for %s/%s\n", kssl_ctx->service_host, - (kssl_ctx->service_name) ? kssl_ctx->service_name: KRB5SVC); + (kssl_ctx->service_name)? kssl_ctx->service_name: KRB5SVC); kssl_err->reason = SSL_R_KRB5_C_INIT; goto err; } @@ -566,7 +566,7 @@ kssl_TKT2tkt( if (asn1ticket == NULL || asn1ticket->realm == NULL || asn1ticket->sname == NULL || sk_ASN1_GENERALSTRING_num(asn1ticket->sname->namestring) < 2) { - BIO_snprintf(kssl_err->text, KSSL_ERR_MAX, + (void) snprintf(kssl_err->text, KSSL_ERR_MAX, "Null field in asn1ticket.\n"); kssl_err->reason = SSL_R_KRB5_S_RD_REQ; return KRB5KRB_ERR_GENERIC; @@ -574,7 +574,7 @@ kssl_TKT2tkt( if ((new5ticket = (krb5_ticket *)calloc(1, sizeof(krb5_ticket))) == NULL) { - BIO_snprintf(kssl_err->text, KSSL_ERR_MAX, + (void) snprintf(kssl_err->text, KSSL_ERR_MAX, "Unable to allocate new krb5_ticket.\n"); kssl_err->reason = SSL_R_KRB5_S_RD_REQ; return ENOMEM; /* or KRB5KRB_ERR_GENERIC; */ @@ -588,7 +588,7 @@ kssl_TKT2tkt( gstr_svc->length, (char *)gstr_svc->data, gstr_host->length, (char *)gstr_host->data)) != 0) { free(new5ticket); - BIO_snprintf(kssl_err->text, KSSL_ERR_MAX, + (void) snprintf(kssl_err->text, KSSL_ERR_MAX, "Error building ticket server principal.\n"); kssl_err->reason = SSL_R_KRB5_S_RD_REQ; return krb5rc; /* or KRB5KRB_ERR_GENERIC; */ @@ -603,7 +603,7 @@ kssl_TKT2tkt( if ((new5ticket->enc_part.ciphertext.data = calloc(1, asn1ticket->encdata->cipher->length)) == NULL) { free(new5ticket); - BIO_snprintf(kssl_err->text, KSSL_ERR_MAX, + (void) snprintf(kssl_err->text, KSSL_ERR_MAX, "Error allocating cipher in krb5ticket.\n"); kssl_err->reason = SSL_R_KRB5_S_RD_REQ; return KRB5KRB_ERR_GENERIC; @@ -743,7 +743,7 @@ kssl_sget_tkt( p = (unsigned char *)indata->data; if ((asn1ticket = (KRB5_TKTBODY *) d2i_KRB5_TICKET(NULL, &p, (long)indata->length)) == NULL) { - BIO_snprintf(kssl_err->text, KSSL_ERR_MAX, + (void) snprintf(kssl_err->text, KSSL_ERR_MAX, "d2i_KRB5_TICKET() ASN.1 decode failure.\n"); kssl_err->reason = SSL_R_KRB5_S_RD_REQ; goto err; @@ -752,7 +752,7 @@ kssl_sget_tkt( /* Was: krb5rc = krb5_decode_ticket(krb5in_data,&krb5ticket)) != 0) */ if ((krb5rc = kssl_TKT2tkt(krb5context, asn1ticket, &krb5ticket, kssl_err)) != 0) { - BIO_snprintf(kssl_err->text, KSSL_ERR_MAX, + (void) snprintf(kssl_err->text, KSSL_ERR_MAX, "Error converting ASN.1 ticket to krb5_ticket.\n"); kssl_err->reason = SSL_R_KRB5_S_RD_REQ; goto err; @@ -761,7 +761,7 @@ kssl_sget_tkt( if (!krb5_principal_compare(krb5context, krb5server, krb5ticket->server)) { krb5rc = KRB5_PRINC_NOMATCH; - BIO_snprintf(kssl_err->text, KSSL_ERR_MAX, + (void) snprintf(kssl_err->text, KSSL_ERR_MAX, "server principal != ticket principal\n"); kssl_err->reason = SSL_R_KRB5_S_RD_REQ; goto err; @@ -769,14 +769,14 @@ kssl_sget_tkt( if ((krb5rc = krb5_kt_get_entry(krb5context, krb5keytab, krb5ticket->server, krb5ticket->enc_part.kvno, krb5ticket->enc_part.enctype, &kt_entry)) != 0) { - BIO_snprintf(kssl_err->text, KSSL_ERR_MAX, + (void) snprintf(kssl_err->text, KSSL_ERR_MAX, "krb5_kt_get_entry() fails with %x.\n", krb5rc); kssl_err->reason = SSL_R_KRB5_S_RD_REQ; goto err; } if ((krb5rc = krb5_decrypt_tkt_part(krb5context, &kt_entry.key, krb5ticket)) != 0) { - BIO_snprintf(kssl_err->text, KSSL_ERR_MAX, + (void) snprintf(kssl_err->text, KSSL_ERR_MAX, "krb5_decrypt_tkt_part() failed.\n"); kssl_err->reason = SSL_R_KRB5_S_RD_REQ; goto err; diff --git a/src/lib/libssl/src/ssl/kssl.h b/src/lib/libssl/src/ssl/kssl.h index 8242fd5eeb..ca0ebac147 100644 --- a/src/lib/libssl/src/ssl/kssl.h +++ b/src/lib/libssl/src/ssl/kssl.h @@ -116,10 +116,10 @@ typedef unsigned char krb5_octet; #define KSSL_CLOCKSKEW 300; #endif -#define KSSL_ERR_MAX 255 +#define KSSL_ERR_MAX 256 typedef struct kssl_err_st { int reason; - char text[KSSL_ERR_MAX+1]; + char text[KSSL_ERR_MAX]; } KSSL_ERR; diff --git a/src/lib/libssl/src/ssl/ssl_ciph.c b/src/lib/libssl/src/ssl/ssl_ciph.c index f37c70cf91..0e24e0a5c6 100644 --- a/src/lib/libssl/src/ssl/ssl_ciph.c +++ b/src/lib/libssl/src/ssl/ssl_ciph.c @@ -1499,7 +1499,7 @@ const char *rule_str) char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len) { - int is_export, pkl, kl; + int is_export, pkl, kl, l; const char *ver, *exp_str; const char *kx, *au, *enc, *mac; unsigned long alg_mkey, alg_auth, alg_enc, alg_mac, alg_ssl, alg2; @@ -1672,11 +1672,14 @@ char return("Buffer too small"); #ifdef KSSL_DEBUG - BIO_snprintf(buf, len, format, cipher->name, ver, kx, au, enc, mac, exp_str, alg_mkey, alg_auth, alg_enc, alg_mac, alg_ssl); + l = snprintf(buf, len, format, cipher->name, ver, kx, au, enc, mac, exp_str, alg_mkey, alg_auth, alg_enc, alg_mac, alg_ssl); #else - BIO_snprintf(buf, len, format, cipher->name, ver, kx, au, enc, mac, exp_str); + l = snprintf(buf, len, format, cipher->name, ver, kx, au, enc, mac, exp_str); #endif /* KSSL_DEBUG */ - return (buf); + if (l >= len || l == -1) + return("Buffer too small"); + else + return (buf); } char diff --git a/src/lib/libssl/src/ssl/ssltest.c b/src/lib/libssl/src/ssl/ssltest.c index 269d171615..664147cb6a 100644 --- a/src/lib/libssl/src/ssl/ssltest.c +++ b/src/lib/libssl/src/ssl/ssltest.c @@ -1820,8 +1820,8 @@ process_proxy_debug(int indent, const char *format, ...) char my_format[256]; va_list args; - BIO_snprintf(my_format, sizeof(my_format), "%*.*s %s", - indent, indent, indentation, format); + (void) snprintf(my_format, sizeof(my_format), "%*.*s %s", + indent, indent, indentation, format); va_start(args, format); vfprintf(stderr, my_format, args); @@ -2311,8 +2311,8 @@ psk_client_callback(SSL *ssl, const char *hint, char *identity, int ret; unsigned int psk_len = 0; - ret = BIO_snprintf(identity, max_identity_len, "Client_identity"); - if (ret < 0) + ret = snprintf(identity, max_identity_len, "Client_identity"); + if (ret >= max_identity_len || ret == -1) goto out_err; if (debug) fprintf(stderr, "client: created identity '%s' len=%d\n", identity, ret); diff --git a/src/lib/libssl/ssl_ciph.c b/src/lib/libssl/ssl_ciph.c index f37c70cf91..0e24e0a5c6 100644 --- a/src/lib/libssl/ssl_ciph.c +++ b/src/lib/libssl/ssl_ciph.c @@ -1499,7 +1499,7 @@ const char *rule_str) char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len) { - int is_export, pkl, kl; + int is_export, pkl, kl, l; const char *ver, *exp_str; const char *kx, *au, *enc, *mac; unsigned long alg_mkey, alg_auth, alg_enc, alg_mac, alg_ssl, alg2; @@ -1672,11 +1672,14 @@ char return("Buffer too small"); #ifdef KSSL_DEBUG - BIO_snprintf(buf, len, format, cipher->name, ver, kx, au, enc, mac, exp_str, alg_mkey, alg_auth, alg_enc, alg_mac, alg_ssl); + l = snprintf(buf, len, format, cipher->name, ver, kx, au, enc, mac, exp_str, alg_mkey, alg_auth, alg_enc, alg_mac, alg_ssl); #else - BIO_snprintf(buf, len, format, cipher->name, ver, kx, au, enc, mac, exp_str); + l = snprintf(buf, len, format, cipher->name, ver, kx, au, enc, mac, exp_str); #endif /* KSSL_DEBUG */ - return (buf); + if (l >= len || l == -1) + return("Buffer too small"); + else + return (buf); } char -- cgit v1.2.3-55-g6feb