Use correct length when prompting for password.
Use bufsiz - 1 not BUFSIZ - 1 when prompting for a password in
the openssl utility.
Thanks to Rob Mackinnon, Leviathan Security for reporting this issue.
(cherry picked from commit 7ba08a4d73)
This commit is contained in:
Dr. Stephen Henson
parent
b8d208c549
commit
bb98beade9
1 changed files with 2 additions and 2 deletions
|
|
@ -588,12 +588,12 @@ int password_callback(char *buf, int bufsiz, int verify,
|
|||
|
||||
if (ok >= 0)
|
||||
ok = UI_add_input_string(ui,prompt,ui_flags,buf,
|
||||
PW_MIN_LENGTH,BUFSIZ-1);
|
||||
PW_MIN_LENGTH,bufsiz-1);
|
||||
if (ok >= 0 && verify)
|
||||
{
|
||||
buff = (char *)OPENSSL_malloc(bufsiz);
|
||||
ok = UI_add_verify_string(ui,prompt,ui_flags,buff,
|
||||
PW_MIN_LENGTH,BUFSIZ-1, buf);
|
||||
PW_MIN_LENGTH,bufsiz-1, buf);
|
||||
}
|
||||
if (ok >= 0)
|
||||
do
|
||||
|
|
|
|||
Loading…
Reference in a new issue