diff options
| author | Daniel Stenberg <daniel@haxx.se> | 2017-04-25 15:28:50 +0200 |
|---|---|---|
| committer | Daniel Stenberg <daniel@haxx.se> | 2017-05-01 22:55:29 +0200 |
| commit | 799c7048dc9d5b4e4af50a4f36867742578c7663 (patch) | |
| tree | f62c7fa6357ca1d719b912e63d7471978392eb70 | |
| parent | 7ee52c25f35816968b86d32eaef70ab743a457d4 (diff) | |
| download | curl-799c7048dc9d5b4e4af50a4f36867742578c7663.tar.gz | |
openssl: use local stack for temp storage
| -rw-r--r-- | lib/vtls/openssl.c | 16 |
1 files changed, 8 insertions, 8 deletions
diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c index 52ebe671a..9def5ab66 100644 --- a/lib/vtls/openssl.c +++ b/lib/vtls/openssl.c @@ -236,8 +236,8 @@ static CURLcode Curl_ossl_seed(struct Curl_easy *data) /* we have the "SSL is seeded" boolean static to prevent multiple time-consuming seedings in vain */ static bool ssl_seeded = FALSE; - char *buf = data->state.buffer; /* point to the big buffer */ int nread=0; + char fname[256]; if(ssl_seeded) return CURLE_OK; @@ -297,11 +297,11 @@ static CURLcode Curl_ossl_seed(struct Curl_easy *data) } while(!rand_enough()); /* generates a default path for the random seed file */ - buf[0]=0; /* blank it first */ - RAND_file_name(buf, BUFSIZE); - if(buf[0]) { + fname[0]=0; /* blank it first */ + RAND_file_name(fname, sizeof(fname)); + if(fname[0]) { /* we got a file name to try */ - nread += RAND_load_file(buf, RAND_LOAD_LENGTH); + nread += RAND_load_file(fname, RAND_LOAD_LENGTH); if(rand_enough()) return nread; } @@ -2807,7 +2807,7 @@ static CURLcode servercert(struct connectdata *conn, struct Curl_easy *data = conn->data; X509 *issuer; FILE *fp; - char *buffer = data->state.buffer; + char buffer[2048]; const char *ptr; long * const certverifyresult = SSL_IS_PROXY() ? &data->set.proxy_ssl.certverifyresult : &data->set.ssl.certverifyresult; @@ -2830,7 +2830,7 @@ static CURLcode servercert(struct connectdata *conn, infof(data, "%s certificate:\n", SSL_IS_PROXY() ? "Proxy" : "Server"); rc = x509_name_oneline(X509_get_subject_name(connssl->server_cert), - buffer, BUFSIZE); + buffer, sizeof(buffer)); infof(data, " subject: %s\n", rc?"[NONE]":buffer); ASN1_TIME_print(mem, X509_get0_notBefore(connssl->server_cert)); @@ -2855,7 +2855,7 @@ static CURLcode servercert(struct connectdata *conn, } rc = x509_name_oneline(X509_get_issuer_name(connssl->server_cert), - buffer, BUFSIZE); + buffer, sizeof(buffer)); if(rc) { if(strict) failf(data, "SSL: couldn't get X509-issuer name!"); |