Simplify buffer limit checking, and reuse BIO_snprintf returned value.

Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1284)
2016-07-05 19:48:23 +02:00 · 2016-07-05 19:48:23 +02:00 · 7606c231c9
parent edbff8da9b
commit 7606c231c9
1 changed files with 14 additions and 12 deletions
--- a/apps/s_time.c
+++ b/apps/s_time.c
@ -41,8 +41,6 @@
 #undef BUFSIZZ
 #define BUFSIZZ 1024*10

-#define MYBUFSIZ 1024*8
-
 #undef min
 #undef max
 #define min(a,b) (((a) < (b)) ? (a) : (b))
@ -57,6 +55,8 @@ extern int verify_error;

 static SSL *doConnection(SSL *scon, const char *host, SSL_CTX *ctx);

+static const char fmt_http_get_cmd[] = "GET %s HTTP/1.0\r\n\r\n";
+
 typedef enum OPTION_choice {
    OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
    OPT_CONNECT, OPT_CIPHER, OPT_CERT, OPT_KEY, OPT_CAPATH,
@ -109,11 +109,11 @@ int s_time_main(int argc, char **argv)
    char *host = SSL_CONNECT_NAME, *certfile = NULL, *keyfile = NULL, *prog;
    double totalTime = 0.0;
    int noCApath = 0, noCAfile = 0;
-    int maxtime = SECONDS, nConn = 0, perform = 3, ret = 1, i, st_bugs =
-        0, ver;
+    int maxtime = SECONDS, nConn = 0, perform = 3, ret = 1, i, st_bugs = 0;
    long bytes_read = 0, finishtime = 0;
    OPTION_CHOICE o;
-    int max_version = 0;
+    int max_version = 0, ver, buf_len;
+    size_t buf_size;

    meth = TLS_client_method();
    verify_depth = 0;
@ -176,8 +176,9 @@ int s_time_main(int argc, char **argv)
            break;
        case OPT_WWW:
            www_path = opt_arg();
-            if (strlen(www_path) > MYBUFSIZ - 100) {
-                BIO_printf(bio_err, "%s: -www option too long\n", prog);
+            buf_size = strlen(www_path) + sizeof(fmt_http_get_cmd) - 2;  /* 2 is for %s */
+            if (buf_size > sizeof(buf)) {
+                BIO_printf(bio_err, "%s: -www option is too long\n", prog);
                goto end;
            }
            break;
@ -232,9 +233,9 @@ int s_time_main(int argc, char **argv)
            goto end;

        if (www_path != NULL) {
-            BIO_snprintf(buf, sizeof buf, "GET %s HTTP/1.0\r\n\r\n",
-                         www_path);
-            if (SSL_write(scon, buf, strlen(buf)) <= 0)
+            buf_len = BIO_snprintf(buf, sizeof buf,
+                                   fmt_http_get_cmd, www_path);
+            if (SSL_write(scon, buf, buf_len) <= 0)
                goto end;
            while ((i = SSL_read(scon, buf, sizeof(buf))) > 0)
                bytes_read += i;
@ -290,8 +291,9 @@ int s_time_main(int argc, char **argv)
    }

    if (www_path != NULL) {
-        BIO_snprintf(buf, sizeof buf, "GET %s HTTP/1.0\r\n\r\n", www_path);
-        if (SSL_write(scon, buf, strlen(buf)) <= 0)
+        buf_len = BIO_snprintf(buf, sizeof buf,
+                               fmt_http_get_cmd, www_path);
+        if (SSL_write(scon, buf, buf_len) <= 0)
            goto end;
        while (SSL_read(scon, buf, sizeof(buf)) > 0)
            continue;