In UI_UTIL_read_pw(), we should look at the size parameter, not at BUFSIZ.

Submitted by Götz Babin-Ebell <babinebell@trustcenter.de>

In UI_UTIL_read_pw(), we should look at the size parameter, not at BUFSIZ.
Submitted by Götz Babin-Ebell <babinebell@trustcenter.de>
b57c98df · Richard Levitte · c4da6dd3 · b57c98df
隐藏空白更改
内联并排

Showing with 5 addition and 2 deletion

crypto/ui/ui_util.c crypto/ui/ui_util.c +5 -2

未找到文件。
--- a/crypto/ui/ui_util.c
+++ b/crypto/ui/ui_util.c
@@ -71,12 +71,15 @@ int UI_UTIL_read_pw(char *buf,char *buff,int size,const char *prompt,int verify)
 	int ok = 0;
 	UI *ui;

+	if (size < 1)
+		return -1;
+
 	ui = UI_new();
 	if (ui)
 		{
-		ok = UI_add_input_string(ui,prompt,0,buf,0,BUFSIZ-1);
+		ok = UI_add_input_string(ui,prompt,0,buf,0,size-1);
 		if (ok == 0 && verify)
-			ok = UI_add_verify_string(ui,prompt,0,buff,0,BUFSIZ-1,
+			ok = UI_add_verify_string(ui,prompt,0,buff,0,size-1,
 				buf);
 		if (ok == 0)
 			ok=UI_process(ui);