Fix stack corruption in ui_read

This is an alternative to #20893 Additionally this fixes also a possible issue in UI_UTIL_read_pw: When UI_new returns NULL, the result code would still be zero as if UI_UTIL_read_pw succeeded, but the password buffer is left uninitialized, with subsequent possible stack corruption or worse. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20957)
author: Bernd Edlinger <bernd.edlinger@hotmail.de> 2023-05-13 09:04:18 +0200
committer: Tomas Mraz <tomas@openssl.org> 2023-05-17 12:07:02 +0200
commit: a64c48cff88e032cf9513578493c4536df725a22 (patch)
tree: 303a52f0ae1ee45ce56f59d23cbacfeb01542472 /crypto/ui/ui_util.c
parent: 43d5dac9d00ac486823d949f85ee3ad650b62af8 (diff)
download: openssl-new-a64c48cff88e032cf9513578493c4536df725a22.tar.gz
1 files changed, 1 insertions, 3 deletions
diff --git a/crypto/ui/ui_util.c b/crypto/ui/ui_util.c
index 80297969ab..e26c1b5d25 100644
--- a/crypto/ui/ui_util.c
+++ b/crypto/ui/ui_util.c
@@ -32,7 +32,7 @@ int UI_UTIL_read_pw_string(char *buf, int length, const char *prompt,
 int UI_UTIL_read_pw(char *buf, char *buff, int size, const char *prompt,
                     int verify)
 {
-    int ok = 0;
+    int ok = -2;
     UI *ui;
 
     if (size < 1)
@@ -47,8 +47,6 @@ int UI_UTIL_read_pw(char *buf, char *buff, int size, const char *prompt,
             ok = UI_process(ui);
         UI_free(ui);
     }
-    if (ok > 0)
-        ok = 0;
     return ok;
 }
author	Bernd Edlinger <bernd.edlinger@hotmail.de>	2023-05-13 09:04:18 +0200
committer	Tomas Mraz <tomas@openssl.org>	2023-05-17 12:07:02 +0200
commit	a64c48cff88e032cf9513578493c4536df725a22 (patch)
tree	303a52f0ae1ee45ce56f59d23cbacfeb01542472 /crypto/ui/ui_util.c
parent	43d5dac9d00ac486823d949f85ee3ad650b62af8 (diff)
download	openssl-new-a64c48cff88e032cf9513578493c4536df725a22.tar.gz