From: FdaSilvaYY <fdasilvayy@gmail.com>
Date: Thu, 15 Sep 2016 19:16:17 +0000 (+0200)
Subject: Introduce PATH_MAX and NAME_MAX
X-Git-Tag: OpenSSL_1_1_1-pre1~3054
X-Git-Url: http://git.ipfire.org/?p=thirdparty%2Fopenssl.git;a=commitdiff_plain;h=dfc3ffe50251463b4af7deeac3d407667f9050a3

Introduce PATH_MAX and NAME_MAX

 to define the certificate filename storage buffer.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1569)
---

diff --git a/apps/ca.c b/apps/ca.c
index f7c6fc480a..b48788c6a8 100644
--- a/apps/ca.c
+++ b/apps/ca.c
@@ -47,8 +47,14 @@
 # define R_OK 4
 #endif
 
-#undef BSIZE
-#define BSIZE 256
+#ifndef PATH_MAX
+# define PATH_MAX 4096
+#endif
+#ifndef NAME_MAX
+# define NAME_MAX 255
+#endif
+
+#define CERT_MAX (PATH_MAX + NAME_MAX)
 
 #define BASE_SECTION            "ca"
 
@@ -246,7 +252,7 @@ int ca_main(int argc, char **argv)
     const char *serialfile = NULL, *subj = NULL;
     char *prog, *startdate = NULL, *enddate = NULL;
     char *dbfile = NULL, *f, *randfile = NULL;
-    char new_cert[BSIZE] = { 0 };
+    char new_cert[CERT_MAX + 1];
     char tmp[10 + 1] = "\0";
     char *const *pp;
     const char *p;
@@ -262,6 +268,8 @@ int ca_main(int argc, char **argv)
     X509_REVOKED *r = NULL;
     OPTION_CHOICE o;
 
+    new_cert[CERT_MAX] = '\0';
+
     prog = opt_init(argc, argv, ca_options);
     while ((o = opt_next()) != OPT_EOF) {
         switch (o) {
@@ -988,7 +996,7 @@ end_of_options:
             j = ASN1_STRING_length(serialNumber);
             p = (const char *)ASN1_STRING_get0_data(serialNumber);
 
-            if (strlen(outdir) >= (size_t)(j ? BSIZE - j * 2 - 6 : BSIZE - 8)) {
+            if (strlen(outdir) >= (size_t)(j ? CERT_MAX - j * 2 - 6 : CERT_MAX - 8)) {
                 BIO_printf(bio_err, "certificate file name too long\n");
                 goto end;
             }