In UI_UTIL_read_pw(), we should look at the size parameter, not at BUFSIZ.

Submitted by Götz Babin-Ebell <babinebell@trustcenter.de>

crypto/ui/ui_util.c

@@ -71,12 +71,15 @@ int UI_UTIL_read_pw(char *buf,char *buff,int size,const char *prompt,int verify)
 	int ok = 0;
 	UI *ui;
 
+	if (size < 1)
+		return -1;
+
 	ui = UI_new();
 	if (ui)
 		{
-		ok = UI_add_input_string(ui,prompt,0,buf,0,BUFSIZ-1);
+		ok = UI_add_input_string(ui,prompt,0,buf,0,size-1);
 		if (ok == 0 && verify)
-			ok = UI_add_verify_string(ui,prompt,0,buff,0,BUFSIZ-1,
+			ok = UI_add_verify_string(ui,prompt,0,buff,0,size-1,
 				buf);
 		if (ok == 0)
 			ok=UI_process(ui);