Hi, In this patch, I've tried to spot fgets calls whose return value was not checked.
Also, there's no need to remove 1 byte in the given buffer size (for the last NUL char I guess), fgets already deals with that. Best regards, Charles Longeau
Index: apps/ca.c
===================================================================
RCS file: /home/chl/mirrors/cvs.openssl.org/openssl/apps/ca.c,v
retrieving revision 1.157
diff -u -p -r1.157 ca.c
--- apps/ca.c 4 Apr 2007 14:35:56 -0000 1.157
+++ apps/ca.c 6 Sep 2007 17:22:47 -0000
@@ -1256,7 +1256,12 @@ bad:
 BIO_printf(bio_err,"\n%d out of %d certificate requests certified, commit? [y/n]",total_done,total);
 (void)BIO_flush(bio_err);
 buf[0][0]='\0';
- fgets(buf[0],10,stdin);
+ if (fgets(buf[0],10,stdin) == NULL)
+ {
+ BIO_printf(bio_err,"fgets error\n");
+ ret=1;
+ goto err;
+ }
 if ((buf[0][0] != 'y') && (buf[0][0] != 'Y'))
 {
 BIO_printf(bio_err,"CERTIFICATION CANCELED\n");
@@ -2106,7 +2111,12 @@ again2:
 BIO_printf(bio_err,"Sign the certificate? [y/n]:");
 (void)BIO_flush(bio_err);
 buf[0]='\0';
- fgets(buf,sizeof(buf)-1,stdin);
+ if (fgets(buf,sizeof(buf),stdin) == NULL)
+ {
+ BIO_printf(bio_err,"fgets error\n");
+ ok=0;
+ goto err;
+ }
 if (!((buf[0] == 'y') || (buf[0] == 'Y')))
 {
 BIO_printf(bio_err,"CERTIFICATE WILL NOT BE CERTIFIED\n");
Index: apps/enc.c
===================================================================
RCS file: /home/chl/mirrors/cvs.openssl.org/openssl/apps/enc.c,v
retrieving revision 1.48
diff -u -p -r1.48 enc.c
--- apps/enc.c 31 Jul 2007 09:42:47 -0000 1.48
+++ apps/enc.c 6 Sep 2007 17:31:38 -0000
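Review bot: The first ca.c hunk still passes a hard-coded `10` as the fgets bound while the second hunk moves to `sizeof(buf)`, so the size stays decoupled from the buffer it guards. If buf[0] is a fixed-size array (its declaration is not in the hunk), `if (fgets(buf[0],sizeof(buf[0]),stdin) == NULL)` ties the bound to the buffer and follows the cover letter's own point about sizes. The enclosing function continues outside both ca.c hunks.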
@@ -225,7 +225,11 @@ int MAIN(int argc, char **argv)
 goto bad;
 }
 buf[0]='\0';
- fgets(buf,sizeof buf,infile);
+ if (fgets(buf,sizeof buf,infile) == NULL)
+ {
+ BIO_printf(bio_err,"fgets\n");
+ goto bad;
+ }
 fclose(infile);
 i=strlen(buf);
 if ((i > 0) &&
Index: apps/openssl.c
===================================================================
RCS file: /home/chl/mirrors/cvs.openssl.org/openssl/apps/openssl.c,v
retrieving revision 1.61
diff -u -p -r1.61 openssl.c
--- apps/openssl.c 9 Jul 2006 00:53:43 -0000 1.61
+++ apps/openssl.c 6 Sep 2007 17:32:28 -0000
@@ -322,7 +322,11 @@ int main(int Argc, char *Argv[])
 else prompt="OpenSSL> ";
 fputs(prompt,stdout);
 fflush(stdout);
- fgets(p,n,stdin);
+ if (fgets(p,n,stdin) == NULL)
+ {
+ ret=1;
+ goto end;
+ }
 if (p[0] == '\0') goto end;
 i=strlen(p);
 if (i <= 1) break;
Index: apps/req.c
===================================================================
RCS file: /home/chl/mirrors/cvs.openssl.org/openssl/apps/req.c,v
retrieving revision 1.136
diff -u -p -r1.136 req.c
--- apps/req.c 12 Aug 2007 17:44:27 -0000 1.136
+++ apps/req.c 6 Sep 2007 17:34:16 -0000
@@ -1442,7 +1442,11 @@ start:
 buf[0]='\0';
 if (!batch)
 {
- fgets(buf,sizeof buf,stdin);
+ if (fgets(buf,sizeof buf,stdin) == NULL)
+ {
+ BIO_printf(bio_err,"fgets\n");
+ return(0);
+ }
 }
 else
 {
@@ -1500,7 +1504,11 @@ start:
 buf[0]='\0';
 if (!batch)
 {
- fgets(buf,sizeof buf,stdin);
+ if (fgets(buf,sizeof buf,stdin) == NULL)
+ {
+ BIO_printf(bio_err,"fgets\n");
+ return(0);
+ }
 }
 else
 {
Index: crypto/bio/bss_file.c
===================================================================
RCS file: /home/chl/mirrors/cvs.openssl.org/openssl/crypto/bio/bss_file.c,v
retrieving revision 1.30
diff -u -p -r1.30 bss_file.c
--- crypto/bio/bss_file.c 29 Jan 2006 23:12:08 -0000 1.30
+++ crypto/bio/bss_file.c 6 Sep 2007 17:46:03 -0000
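Review bot: The new `goto bad` in the enc.c hunk leaks `infile`, because the `fclose(infile)` on the very next context line is skipped on the error path; close it before jumping, `BIO_printf(bio_err,"fgets\n"); fclose(infile); goto bad;`. The bare `fgets\n` diagnostic here, and the identical string in both req.c hunks and the des.c hunks, tells the user neither which input failed nor whether it was end-of-file or a read error; naming the file or prompt being read, and consulting `ferror()` where a stream is at hand, would make the message actionable. MAIN's body extends well beyond the hunk.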
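Review bot: In the openssl.c hunk a NULL return from fgets at the interactive `OpenSSL> ` prompt now sets `ret=1` before `goto end`, so closing stdin (the usual way to leave the prompt) appears to become a non-zero exit status; the surviving `if (p[0] == '\0') goto end;` suggests end-of-file was previously treated as a clean exit, though p's initialisation is not visible here. Distinguishing a read error from EOF keeps the old exit code for the normal case: `if (fgets(p,n,stdin) == NULL) { if (ferror(stdin)) ret=1; goto end; }`. main's body continues outside the hunk.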
@@ -401,7 +401,8 @@ static int MS_CALLBACK file_gets(BIO *bp
 if (bp->flags&BIO_FLAGS_UPLINK)
 UP_fgets(buf,size,bp->ptr);
 else
- fgets(buf,size,(FILE *)bp->ptr);
+ if (fgets(buf,size,(FILE *)bp->ptr) == NULL)
+ return(0);
 if (buf[0] != '\0')
 ret=strlen(buf);
 return(ret);
Index: crypto/des/des.c
===================================================================
RCS file: /home/chl/mirrors/cvs.openssl.org/openssl/crypto/des/des.c,v
retrieving revision 1.21
diff -u -p -r1.21 des.c
--- crypto/des/des.c 28 Nov 2002 08:03:31 -0000 1.21
+++ crypto/des/des.c 6 Sep 2007 17:50:31 -0000
@@ -764,7 +764,11 @@ int uufread(unsigned char *out, int size
 for (;;)
 {
 b[0]='\0';
- fgets((char *)b,300,fp);
+ if (fgets((char *)b,300,fp) == NULL)
+ {
+ fprintf(stderr,"fgets\n");
+ return(-1);
+ }
 if (b[0] == '\0')
 {
 fprintf(stderr,"no 'begin' found in uuencoded input\n");
@@ -785,7 +789,11 @@ int uufread(unsigned char *out, int size
 for (;;)
 {
 b[0]='\0';
- fgets((char *)b,300,fp);
+ if (fgets((char *)b,300,fp) == NULL)
+ {
+ fprintf(stderr,"fgets\n");
+ return(-1);
+ }
 if (b[0] == '\0') break;
 i=strlen((char *)b);
 if ((b[0] == 'e') && (b[1] == 'n') && (b[2] == 'd'))
@@ -793,7 +801,11 @@ int uufread(unsigned char *out, int size
 done=1;
 while (!feof(fp))
 {
- fgets((char *)b,300,fp);
+ if (fgets((char *)b,300,fp) == NULL)
+ {
+ fprintf(stderr,"fgets\n");
+ return(-1);
+ }
 }
 break;
 }
Index: crypto/des/read_pwd.c
===================================================================
RCS file: /home/chl/mirrors/cvs.openssl.org/openssl/crypto/des/read_pwd.c,v
retrieving revision 1.32
diff -u -p -r1.32 read_pwd.c
--- crypto/des/read_pwd.c 28 Nov 2002 08:03:32 -0000 1.32
+++ crypto/des/read_pwd.c 6 Sep 2007 17:58:12 -0000
@@ -250,7 +250,8 @@ static void read_till_nl(FILE *in)
 char buf[SIZE+1];
 do {
- fgets(buf,SIZE,in);
+ if (fgets(buf,sizeof(buf),in) == NULL)
+ err(1, NULL);
 } while (strchr(buf,'\n') == NULL);
 }
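Review bot: The bss_file.c hunk checks only the plain-stdio branch of file_gets; the `UP_fgets(buf,size,bp->ptr)` call on the BIO_FLAGS_UPLINK side is still unchecked, so the two paths now report a failed read differently. The `else` directly followed by an unbraced `if` also reads as a dangling-else hazard in this brace style; `else { if (fgets(buf,size,(FILE *)bp->ptr) == NULL) return(0); }` makes the structure explicit. file_gets starts and ends outside the hunk.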
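Review bot: The third des.c hunk turns a normal end of input into a failure: the `while (!feof(fp))` loop exists to drain whatever follows `end`, and fgets returns NULL precisely when that drain reaches EOF, so every well-formed input whose final read returns nothing now prints `fgets` and makes uufread return -1. Only a stream error should fail there, `if (fgets((char *)b,300,fp) == NULL) { if (ferror(fp)) return(-1); break; }`, which falls through to the existing `break` out of the outer loop. The first two hunks have the same shape of problem: the NULL check now fires before the existing `if (b[0] == '\0')` tests, so the more specific `no 'begin' found in uuencoded input` message becomes unreachable on EOF and the second loop's clean `break` on EOF is replaced by -1; gating the early return on `ferror(fp)` there too keeps the existing EOF handling. uufread continues outside all three hunks.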
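Review bot: The read_till_nl hunk calls `err(1, NULL)`, which exits the whole process from inside library code (crypto/des) and relies on the BSD `<err.h>` interface, which is not available on every platform this tree builds on; a library helper should not terminate on its caller's behalf. Returning from the helper instead, `if (fgets(buf,sizeof(buf),in) == NULL) return;`, keeps the loop from spinning on a buffer fgets never filled (the `strchr(buf,'\n')` test otherwise inspects an uninitialised array after a failed read) without taking the decision away from the caller. Only the function body is in the hunk; its signature appears in the hunk header, so read_till_nl begins outside the hunk.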
@@ -362,7 +363,7 @@ int des_read_pw(char *buf, char *buff, i
 fflush(stderr);
 buf[0]='\0';
- fgets(buf,size,tty);
+ if (fgets(buf,size,tty) == NULL) goto err;
 if (feof(tty)) goto error;
 if (ferror(tty)) goto error;
 if ((p=(char *)strchr(buf,'\n')) != NULL)
@@ -373,7 +374,7 @@ int des_read_pw(char *buf, char *buff, i
 fprintf(stderr,"\nVerifying password - %s",prompt);
 fflush(stderr);
 buff[0]='\0';
- fgets(buff,size,tty);
+ if (fgets(buf,size,tty) == NULL) goto err;
 if (feof(tty)) goto error;
 if ((p=(char *)strchr(buff,'\n')) != NULL)
 *p='\0';
______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager [EMAIL PROTECTED]
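Review bot: The second des_read_pw hunk reads the verification password into the wrong buffer: the removed line was `fgets(buff,size,tty);` but the replacement is `if (fgets(buf,size,tty) == NULL) goto err;`, which overwrites the first entry in `buf` and leaves `buff` as the empty string set on the line above, so the following `strchr(buff,'\n')` and whatever comparison of the two entries follows operate on the wrong data. It should read `if (fgets(buff,size,tty) == NULL) goto err;`. Both hunks also jump to `err`, whereas the neighbouring `feof`/`ferror` checks jump to `error`; unless an `err` label exists elsewhere in des_read_pw (not visible here) this will not compile, and `goto error` looks like the intended target. des_read_pw's body extends outside both hunks.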