[openssl.org #456] openssl 0.9.7, bug in ui_lib.c:general_allocate_string

Mon, 13 Jan 2003 06:17:10 -0800 

Hello,

Thanks for the report.  Unfortunately, your conclusions are incorrect.  The functions 
that you spotted in ui_lib.c return the expected values, it's UI_UTIL_read_pw() that 
interprets those values incorrectly.

I'm committing a change that should fix this.  Please try tomorrows snapshot.

This ticket is now resolved.

[[EMAIL PROTECTED] - Mon Jan 13 09:15:47 2003]:

> [ Sorry if you see this twice.  I missed the existence of the RT alias
>   before sending this to openssl-dev earlier. ]
> 
> Hello,
> 
> Regarding openssl 0.9.7:
> 
> When using OPENSSL_DES_LIBDES_COMPATIBILITY, I noticed that
> `des_read_pw_string' was not functioning.  I tracked this down to a
> bug in crypto/ui/ui_lib.c:general_allocate_string().
> 
> Callers of general_allocate_string (including ultimately
> UI_UTIL_read_pw, which is used to implement des_read_pw_string) expect
> it to return 0 for success, or non-zero for failure.  However, the
> return code is mishandled here:
> 
>     164 static int general_allocate_string(UI *ui, const char *prompt,
>  [...]
>     168         int ret = -1;
>  [...]
>     179                         ret=sk_UI_STRING_push(ui->strings, s);
>     180                         /* sk_push() returns 0 on error.
> Let's addapt that */
>     181                         if (ret <= 0) ret--;
> 
> sk_UI_STRING_push returns 0 on error, or a positive integer
> for success.  Therefore, if sk_UI_STRING_push succeeds,
> general_allocate_string returns a positive integer, which does not
> match what callers expect.
> 
> This is the simple fix I applied locally (note the same issue exists
> in general_allocate_boolean).
> 
> --- ui_lib.c  Wed Dec  4 18:04:40 2002
> +++ ui_lib.c  Sun Jan 12 09:04:16 2003
> @@ -178,7 +178,7 @@
>                       s->_.string_data.test_buf=test_buf;
>                       ret=sk_UI_STRING_push(ui->strings, s);
>                       /* sk_push() returns 0 on error.  Let's addapt that */
> -                     if (ret <= 0) ret--;
> +                     ret = (ret == 0) ? -1 : 0;
>                       }
>               else
>                       free_string(s);
> @@ -228,7 +228,7 @@
>                               ret=sk_UI_STRING_push(ui->strings, s);
>                               /* sk_push() returns 0 on error.
>                                  Let's addapt that */
> -                             if (ret <= 0) ret--;
> +                             ret = (ret == 0) ? -1 : 0;
>                               }
>                       else
>                               free_string(s);
> 
> 
> Cheers,


-- 
Richard Levitte
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]

Reply via email to