diff options
| author | Rich Salz <rsalz@akamai.com> | 2020-11-28 16:12:58 -0500 |
|---|---|---|
| committer | Tomas Mraz <tmraz@fedoraproject.org> | 2020-12-15 11:47:17 +0100 |
| commit | 021410ea3fc3876538830839d16b67e610d12785 (patch) | |
| tree | 7178c87097f1083bc285a77f8ec179ceba343464 | |
| parent | c678f68a19638c1e2bbfee6a7a1d8d728976ce66 (diff) | |
| download | openssl-021410ea3fc3876538830839d16b67e610d12785.zip openssl-021410ea3fc3876538830839d16b67e610d12785.tar.gz openssl-021410ea3fc3876538830839d16b67e610d12785.tar.bz2 | |
Check non-option arguments
Make sure all commands check to see if there are any "extra" arguments
after the options, and print an error if so.
Made all error messages consistent (which is to say, minimal).
Fixes: #13527
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13563)
53 files changed, 188 insertions, 106 deletions
diff --git a/apps/asn1pars.c b/apps/asn1pars.c index ae47aa8..798e8d1 100644 --- a/apps/asn1pars.c +++ b/apps/asn1pars.c @@ -157,6 +157,8 @@ int asn1parse_main(int argc, char **argv) break; } } + + /* No extra args. */ argc = opt_num_rest(); if (argc != 0) goto opthelp; @@ -488,7 +488,9 @@ opthelp: break; } } + end_of_options: + /* Remaining args are files to certify. */ argc = opt_num_rest(); argv = opt_rest(); diff --git a/apps/ciphers.c b/apps/ciphers.c index 500b416..3afbbe5 100644 --- a/apps/ciphers.c +++ b/apps/ciphers.c @@ -176,11 +176,12 @@ int ciphers_main(int argc, char **argv) break; } } + + /* Optional arg is cipher name. */ argv = opt_rest(); argc = opt_num_rest(); - if (argc == 1) - ciphers = *argv; + ciphers = argv[0]; else if (argc != 0) goto opthelp; @@ -2289,7 +2289,9 @@ static int get_opts(int argc, char **argv) switch (o) { case OPT_EOF: case OPT_ERR: - goto opt_err; + opthelp: + BIO_printf(bio_err, "%s: Use -help for summary.\n", prog); + return 0; case OPT_HELP: opt_help(cmp_options); return -1; @@ -2311,11 +2313,11 @@ static int get_opts(int argc, char **argv) break; case OPT_MSG_TIMEOUT: if ((opt_msg_timeout = opt_nat()) < 0) - goto opt_err; + goto opthelp; break; case OPT_TOTAL_TIMEOUT: if ((opt_total_timeout = opt_nat()) < 0) - goto opt_err; + goto opthelp; break; case OPT_TLS_USED: opt_tls_used = 1; @@ -2399,7 +2401,7 @@ static int get_opts(int argc, char **argv) case OPT_V_CASES: if (!opt_verify(o, vpm)) - goto opt_err; + goto opthelp; break; case OPT_CMD: opt_cmd_s = opt_str("cmd"); @@ -2425,7 +2427,7 @@ static int get_opts(int argc, char **argv) break; case OPT_DAYS: if ((opt_days = opt_nat()) < 0) - goto opt_err; + goto opthelp; break; case OPT_REQEXTS: opt_reqexts = opt_str("reqexts"); @@ -2450,7 +2452,7 @@ static int get_opts(int argc, char **argv) || opt_popo < OSSL_CRMF_POPO_NONE || opt_popo > OSSL_CRMF_POPO_KEYENC) { CMP_err("invalid popo spec. Valid values are -1 .. 2"); - goto opt_err; + goto opthelp; } break; case OPT_CSR: @@ -2480,7 +2482,7 @@ static int get_opts(int argc, char **argv) || opt_revreason > CRL_REASON_AA_COMPROMISE || opt_revreason == 7) { CMP_err("invalid revreason. Valid values are -1 .. 6, 8 .. 10"); - goto opt_err; + goto opthelp; } break; case OPT_CERTFORM: @@ -2499,7 +2501,7 @@ static int get_opts(int argc, char **argv) #endif case OPT_PROV_CASES: if (!opt_provider(o)) - goto opt_err; + goto opthelp; break; case OPT_BATCH: @@ -2531,7 +2533,7 @@ static int get_opts(int argc, char **argv) break; case OPT_MAX_MSGS: if ((opt_max_msgs = opt_nat()) < 0) - goto opt_err; + goto opthelp; break; case OPT_SRV_REF: opt_srv_ref = opt_str("srv_ref"); @@ -2604,17 +2606,13 @@ static int get_opts(int argc, char **argv) break; } } + + /* No extra args. */ argc = opt_num_rest(); argv = opt_rest(); - if (argc != 0) { - CMP_err1("unknown parameter %s", argv[0]); - goto opt_err; - } + if (argc != 0) + goto opthelp; return 1; - - opt_err: - CMP_err1("use -help for summary of '%s' options", prog); - return 0; } int cmp_main(int argc, char **argv) @@ -699,6 +699,8 @@ int cms_main(int argc, char **argv) break; } } + + /* Remaining args are files to process. */ argc = opt_num_rest(); argv = opt_rest(); @@ -201,6 +201,8 @@ int crl_main(int argc, char **argv) break; } } + + /* No remaining args. */ argc = opt_num_rest(); if (argc != 0) goto opthelp; diff --git a/apps/crl2p7.c b/apps/crl2p7.c index 9137f87..577d80f 100644 --- a/apps/crl2p7.c +++ b/apps/crl2p7.c @@ -102,6 +102,8 @@ int crl2pkcs7_main(int argc, char **argv) break; } } + + /* No remaining args. */ argc = opt_num_rest(); if (argc != 0) goto opthelp; diff --git a/apps/dgst.c b/apps/dgst.c index 4adf9cd..7110a97 100644 --- a/apps/dgst.c +++ b/apps/dgst.c @@ -220,6 +220,8 @@ int dgst_main(int argc, char **argv) break; } } + + /* Remaining args are files to digest. */ argc = opt_num_rest(); argv = opt_rest(); if (keyfile != NULL && argc > 1) { diff --git a/apps/dhparam.c b/apps/dhparam.c index ecb4e17..a69dfd3 100644 --- a/apps/dhparam.c +++ b/apps/dhparam.c @@ -146,11 +146,17 @@ int dhparam_main(int argc, char **argv) break; } } + + /* One optional argument, bitsize to generate. */ argc = opt_num_rest(); argv = opt_rest(); + if (argc == 1) { + if (!opt_int(argv[0], &num) || num <= 0) + goto opthelp; + } else if (argc != 0) { + goto opthelp; + } - if (argv[0] != NULL && (!opt_int(argv[0], &num) || num <= 0)) - goto end; if (g && !num) num = DEFBITS; @@ -150,6 +150,8 @@ int dsa_main(int argc, char **argv) break; } } + + /* No extra args. */ argc = opt_num_rest(); if (argc != 0) goto opthelp; diff --git a/apps/dsaparam.c b/apps/dsaparam.c index 8bbd657..f09318f 100644 --- a/apps/dsaparam.c +++ b/apps/dsaparam.c @@ -125,15 +125,19 @@ int dsaparam_main(int argc, char **argv) break; } } + + /* Optional arg is bitsize. */ argc = opt_num_rest(); argv = opt_rest(); - if (argc == 1) { if (!opt_int(argv[0], &num) || num < 0) - goto end; - /* generate a key */ - numbits = num; + goto opthelp; + } else if (argc != 0) { + goto opthelp; } + + /* generate a key */ + numbits = num; private = genkey ? 1 : 0; out = bio_open_owner(outfile, outformat, private); @@ -166,6 +166,8 @@ int ec_main(int argc, char **argv) break; } } + + /* No extra arguments. */ argc = opt_num_rest(); if (argc != 0) goto opthelp; diff --git a/apps/ecparam.c b/apps/ecparam.c index 3e20be2..06f017a 100644 --- a/apps/ecparam.c +++ b/apps/ecparam.c @@ -172,6 +172,8 @@ int ecparam_main(int argc, char **argv) break; } } + + /* No extra args. */ argc = opt_num_rest(); if (argc != 0) goto opthelp; @@ -295,10 +295,11 @@ int enc_main(int argc, char **argv) break; } } - if (opt_num_rest() != 0) { - BIO_printf(bio_err, "Extra arguments given.\n"); + + /* No extra arguments. */ + argc = opt_num_rest(); + if (argc != 0) goto opthelp; - } if (cipher && EVP_CIPHER_flags(cipher) & EVP_CIPH_FLAG_AEAD_CIPHER) { BIO_printf(bio_err, "%s: AEAD ciphers not supported\n", prog); diff --git a/apps/engine.c b/apps/engine.c index 393008d..b494a79 100644 --- a/apps/engine.c +++ b/apps/engine.c @@ -360,7 +360,7 @@ int engine_main(int argc, char **argv) } } - /* Allow any trailing parameters as engine names. */ + /* Any remaining arguments are engine names. */ argc = opt_num_rest(); argv = opt_rest(); for ( ; *argv; argv++) { diff --git a/apps/errstr.c b/apps/errstr.c index 9e97698..782705a 100644 --- a/apps/errstr.c +++ b/apps/errstr.c @@ -52,16 +52,19 @@ int errstr_main(int argc, char **argv) } } + /* + * We're not really an SSL application so this won't auto-init, but + * we're still interested in SSL error strings + */ + OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS + | OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL); + + /* All remaining arg are error code. */ ret = 0; - for (argv = opt_rest(); *argv; argv++) { + for (argv = opt_rest(); *argv != NULL; argv++) { if (sscanf(*argv, "%lx", &l) == 0) { ret++; } else { - /* We're not really an SSL application so this won't auto-init, but - * we're still interested in SSL error strings - */ - OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS - | OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL); ERR_error_string_n(l, buf, sizeof(buf)); BIO_printf(bio_out, "%s\n", buf); } diff --git a/apps/fipsinstall.c b/apps/fipsinstall.c index d1cda24..4a1b89d 100644 --- a/apps/fipsinstall.c +++ b/apps/fipsinstall.c @@ -373,7 +373,11 @@ opthelp: break; } } + + /* No extra arguments. */ argc = opt_num_rest(); + if (argc != 0) + goto opthelp; if (parent_config != NULL) { /* Test that a parent config can load the module */ @@ -386,9 +390,8 @@ opthelp: goto end; } if (module_fname == NULL - || (verify && in_fname == NULL) - || (!verify && out_fname == NULL) - || argc != 0) + || (verify && in_fname == NULL) + || (!verify && out_fname == NULL)) goto opthelp; tail = opt_path_end(module_fname); diff --git a/apps/gendsa.c b/apps/gendsa.c index f2afa11..d525f70 100644 --- a/apps/gendsa.c +++ b/apps/gendsa.c @@ -102,13 +102,15 @@ int gendsa_main(int argc, char **argv) break; } } + + /* One argument, the params file. */ argc = opt_num_rest(); argv = opt_rest(); - private = 1; - if (argc != 1) goto opthelp; - dsaparams = *argv; + + dsaparams = argv[0]; + private = 1; if (!app_passwd(NULL, passoutarg, NULL, &passout)) { BIO_printf(bio_err, "Error getting password\n"); diff --git a/apps/genpkey.c b/apps/genpkey.c index d6ab0e6..523ec1d 100644 --- a/apps/genpkey.c +++ b/apps/genpkey.c @@ -153,6 +153,8 @@ int genpkey_main(int argc, char **argv) break; } } + + /* No extra arguments. */ argc = opt_num_rest(); if (argc != 0) goto opthelp; diff --git a/apps/genrsa.c b/apps/genrsa.c index 32f0882..2cc1abf 100644 --- a/apps/genrsa.c +++ b/apps/genrsa.c @@ -146,6 +146,8 @@ opthelp: break; } } + + /* One optional argument, the bitsize. */ argc = opt_num_rest(); argv = opt_rest(); diff --git a/apps/info.c b/apps/info.c index ae6e34c..5099853 100644 --- a/apps/info.c +++ b/apps/info.c @@ -86,10 +86,8 @@ opthelp: break; } } - if (opt_num_rest() != 0) { - BIO_printf(bio_err, "%s: Extra parameters given.\n", prog); + if (opt_num_rest() != 0) goto opthelp; - } if (dirty > 1) { BIO_printf(bio_err, "%s: Only one item allowed\n", prog); goto opthelp; @@ -89,13 +89,12 @@ opthelp: break; } } + + /* One argument, the KDF name. */ argc = opt_num_rest(); argv = opt_rest(); - - if (argc != 1) { - BIO_printf(bio_err, "Invalid number of extra arguments\n"); + if (argc != 1) goto opthelp; - } if ((kdf = EVP_KDF_fetch(NULL, argv[0], NULL)) == NULL) { BIO_printf(bio_err, "Invalid KDF name %s\n", argv[0]); diff --git a/apps/list.c b/apps/list.c index df25e00..986a288 100644 --- a/apps/list.c +++ b/apps/list.c @@ -1529,10 +1529,10 @@ opthelp: } done = 1; } - if (opt_num_rest() != 0) { - BIO_printf(bio_err, "Extra arguments given.\n"); + + /* No extra arguments. */ + if (opt_num_rest() != 0) goto opthelp; - } if (todo.commands) list_type(FT_general, one); @@ -98,13 +98,12 @@ opthelp: break; } } + + /* One argument, the MAC name. */ argc = opt_num_rest(); argv = opt_rest(); - - if (argc != 1) { - BIO_printf(bio_err, "Invalid number of extra arguments\n"); + if (argc != 1) goto opthelp; - } mac = EVP_MAC_fetch(NULL, argv[0], NULL); if (mac == NULL) { diff --git a/apps/nseq.c b/apps/nseq.c index 92ae7bd..706ca58f 100644 --- a/apps/nseq.c +++ b/apps/nseq.c @@ -71,6 +71,8 @@ int nseq_main(int argc, char **argv) break; } } + + /* No extra arguments. */ argc = opt_num_rest(); if (argc != 0) goto opthelp; diff --git a/apps/ocsp.c b/apps/ocsp.c index 174f237..982423d 100644 --- a/apps/ocsp.c +++ b/apps/ocsp.c @@ -514,14 +514,17 @@ int ocsp_main(int argc, char **argv) break; } } + + /* No extra arguments. */ + argc = opt_num_rest(); + if (argc != 0) + goto opthelp; + if (trailing_md) { BIO_printf(bio_err, "%s: Digest must be before -cert or -serial\n", prog); goto opthelp; } - argc = opt_num_rest(); - if (argc != 0) - goto opthelp; /* Have we anything to do? */ if (req == NULL && reqin == NULL diff --git a/apps/openssl.c b/apps/openssl.c index 9d697a8..e674608 100644 --- a/apps/openssl.c +++ b/apps/openssl.c @@ -347,6 +347,7 @@ int help_main(int argc, char **argv) } } + /* One optional argument, the command to get help for. */ if (opt_num_rest() == 1) { new_argv[0] = opt_rest()[0]; new_argv[1] = "--help"; diff --git a/apps/passwd.c b/apps/passwd.c index 5bf0315..c392544 100644 --- a/apps/passwd.c +++ b/apps/passwd.c @@ -184,9 +184,10 @@ int passwd_main(int argc, char **argv) break; } } + + /* All remaining arguments are the password text */ argc = opt_num_rest(); argv = opt_rest(); - if (*argv != NULL) { if (pw_source_defined) goto opthelp; diff --git a/apps/pkcs12.c b/apps/pkcs12.c index 5c05fdd..60e12cf 100644 --- a/apps/pkcs12.c +++ b/apps/pkcs12.c @@ -335,7 +335,11 @@ int pkcs12_main(int argc, char **argv) break; } } + + /* No extra arguments. */ argc = opt_num_rest(); + if (argc != 0) + goto opthelp; if (export_pkcs12) { if ((options & INFO) != 0) @@ -421,8 +425,6 @@ int pkcs12_main(int argc, char **argv) enc = EVP_des_ede3_cbc(); } - if (argc != 0) - goto opthelp; private = 1; diff --git a/apps/pkcs7.c b/apps/pkcs7.c index f09994d..efc58b1 100644 --- a/apps/pkcs7.c +++ b/apps/pkcs7.c @@ -110,6 +110,8 @@ int pkcs7_main(int argc, char **argv) break; } } + + /* No extra arguments. */ argc = opt_num_rest(); if (argc != 0) goto opthelp; diff --git a/apps/pkcs8.c b/apps/pkcs8.c index 37f20b3..ae0824c 100644 --- a/apps/pkcs8.c +++ b/apps/pkcs8.c @@ -193,6 +193,8 @@ int pkcs8_main(int argc, char **argv) #endif } } + + /* No extra arguments. */ argc = opt_num_rest(); if (argc != 0) goto opthelp; diff --git a/apps/pkey.c b/apps/pkey.c index 8aafcb4..65988a8 100644 --- a/apps/pkey.c +++ b/apps/pkey.c @@ -185,6 +185,8 @@ int pkey_main(int argc, char **argv) break; } } + + /* No extra arguments. */ argc = opt_num_rest(); if (argc != 0) goto opthelp; diff --git a/apps/pkeyparam.c b/apps/pkeyparam.c index df95f76..42de552 100644 --- a/apps/pkeyparam.c +++ b/apps/pkeyparam.c @@ -90,6 +90,8 @@ int pkeyparam_main(int argc, char **argv) break; } } + + /* No extra arguments. */ argc = opt_num_rest(); if (argc != 0) goto opthelp; diff --git a/apps/pkeyutl.c b/apps/pkeyutl.c index 3146b1f..a88a6ca 100644 --- a/apps/pkeyutl.c +++ b/apps/pkeyutl.c @@ -250,6 +250,8 @@ int pkeyutl_main(int argc, char **argv) break; } } + + /* No extra arguments. */ argc = opt_num_rest(); if (argc != 0) goto opthelp; diff --git a/apps/prime.c b/apps/prime.c index 277500d..1879d14 100644 --- a/apps/prime.c +++ b/apps/prime.c @@ -81,16 +81,14 @@ opthelp: break; } } + + /* Optional arguments are numbers to check. */ argc = opt_num_rest(); argv = opt_rest(); - if (generate) { - if (argc != 0) { - BIO_printf(bio_err, "Extra arguments given.\n"); + if (argc != 0) goto opthelp; - } } else if (argc == 0) { - BIO_printf(bio_err, "%s: No prime specified\n", prog); goto opthelp; } diff --git a/apps/rand.c b/apps/rand.c index 1ad6894..c78123e 100644 --- a/apps/rand.c +++ b/apps/rand.c @@ -88,13 +88,14 @@ int rand_main(int argc, char **argv) break; } } + + /* Optional argument is number of bytes to generate. */ argc = opt_num_rest(); argv = opt_rest(); if (argc == 1) { if (!opt_int(argv[0], &num) || num <= 0) - goto end; - } else if (argc > 0) { - BIO_printf(bio_err, "Extra arguments given.\n"); + goto opthelp; + } else if (argc != 0) { goto opthelp; } diff --git a/apps/rehash.c b/apps/rehash.c index 3cbd65c..2b867d4 100644 --- a/apps/rehash.c +++ b/apps/rehash.c @@ -515,6 +515,8 @@ int rehash_main(int argc, char **argv) break; } } + + /* Optional arguments are directories to scan. */ argc = opt_num_rest(); argv = opt_rest(); @@ -449,6 +449,8 @@ int req_main(int argc, char **argv) break; } } + + /* No extra arguments. */ argc = opt_num_rest(); if (argc != 0) goto opthelp; @@ -175,6 +175,8 @@ int rsa_main(int argc, char **argv) break; } } + + /* No extra arguments. */ argc = opt_num_rest(); if (argc != 0) goto opthelp; diff --git a/apps/rsautl.c b/apps/rsautl.c index 8fefaee..333edb9 100644 --- a/apps/rsautl.c +++ b/apps/rsautl.c @@ -171,6 +171,8 @@ int rsautl_main(int argc, char **argv) break; } } + + /* No extra arguments. */ argc = opt_num_rest(); if (argc != 0) goto opthelp; diff --git a/apps/s_client.c b/apps/s_client.c index 98f034f..56444ba 100644 --- a/apps/s_client.c +++ b/apps/s_client.c @@ -1572,6 +1572,24 @@ int s_client_main(int argc, char **argv) } } + /* Optional argument is connect string if -connect not used. */ + argc = opt_num_rest(); + if (argc == 1) { + /* + * Don't allow -connect and a separate argument. + */ + if (connectstr != NULL) { + BIO_printf(bio_err, + "%s: cannot provide both -connect option and target parameter\n", + prog); + goto opthelp; + } + connect_type = use_inet; + freeandcopy(&connectstr, *opt_rest()); + } else if (argc != 0) { + goto opthelp; + } + if (count4or6 >= 2) { BIO_printf(bio_err, "%s: Can't use both -4 and -6\n", prog); goto opthelp; @@ -1590,23 +1608,6 @@ int s_client_main(int argc, char **argv) goto opthelp; } } - argc = opt_num_rest(); - if (argc == 1) { - /* If there's a positional argument, it's the equivalent of - * OPT_CONNECT. - * Don't allow -connect and a separate argument. - */ - if (connectstr != NULL) { - BIO_printf(bio_err, - "%s: must not provide both -connect option and target parameter\n", - prog); - goto opthelp; - } - connect_type = use_inet; - freeandcopy(&connectstr, *opt_rest()); - } else if (argc != 0) { - goto opthelp; - } #ifndef OPENSSL_NO_NEXTPROTONEG if (min_version == TLS1_3_VERSION && next_proto_neg_in != NULL) { diff --git a/apps/s_server.c b/apps/s_server.c index 24dffea..55a300b 100644 --- a/apps/s_server.c +++ b/apps/s_server.c @@ -1660,8 +1660,11 @@ int s_server_main(int argc, char *argv[]) break; } } + + /* No extra arguments. */ argc = opt_num_rest(); - argv = opt_rest(); + if (argc != 0) + goto opthelp; #ifndef OPENSSL_NO_NEXTPROTONEG if (min_version == TLS1_3_VERSION && next_proto_neg_in != NULL) { diff --git a/apps/s_time.c b/apps/s_time.c index 3730ca5..2052a15 100644 --- a/apps/s_time.c +++ b/apps/s_time.c @@ -234,6 +234,8 @@ int s_time_main(int argc, char **argv) break; } } + + /* No extra arguments. */ argc = opt_num_rest(); if (argc != 0) goto opthelp; diff --git a/apps/sess_id.c b/apps/sess_id.c index 5183ea9..de25cea 100644 --- a/apps/sess_id.c +++ b/apps/sess_id.c @@ -96,6 +96,8 @@ int sess_id_main(int argc, char **argv) break; } } + + /* No extra arguments. */ argc = opt_num_rest(); if (argc != 0) goto opthelp; diff --git a/apps/smime.c b/apps/smime.c index f0ac6ed..b8451d8 100644 --- a/apps/smime.c +++ b/apps/smime.c @@ -356,6 +356,8 @@ int smime_main(int argc, char **argv) break; } } + + /* Extra arguments are files with recipient keys. */ argc = opt_num_rest(); argv = opt_rest(); @@ -363,6 +365,11 @@ int smime_main(int argc, char **argv) BIO_puts(bio_err, "Multiple signers or keys not allowed\n"); goto opthelp; } + if (!operation) { + BIO_puts(bio_err, + "No operation (-encrypt|-sign|...) specified\n"); + goto opthelp; + } if (operation & SMIME_SIGNERS) { /* Check to see if any final signer needs to be appended */ @@ -398,8 +405,6 @@ int smime_main(int argc, char **argv) BIO_printf(bio_err, "No recipient(s) certificate(s) specified\n"); goto opthelp; } - } else if (!operation) { - goto opthelp; } if (!app_passwd(passinarg, NULL, &passin, NULL)) { diff --git a/apps/speed.c b/apps/speed.c index fa30924..07c2238 100644 --- a/apps/speed.c +++ b/apps/speed.c @@ -1807,10 +1807,11 @@ int speed_main(int argc, char **argv) break; } } + + /* Remaining arguments are algorithms. */ argc = opt_num_rest(); argv = opt_rest(); - /* Remaining arguments are algorithms. */ for (; *argv; argv++) { const char *algo = *argv; diff --git a/apps/spkac.c b/apps/spkac.c index 2b4009d..cfbbc41 100644 --- a/apps/spkac.c +++ b/apps/spkac.c @@ -125,6 +125,8 @@ int spkac_main(int argc, char **argv) break; } } + + /* No extra arguments. */ argc = opt_num_rest(); if (argc != 0) goto opthelp; @@ -301,6 +301,8 @@ int srp_main(int argc, char **argv) break; } } + + /* Optional parameters are usernames. */ argc = opt_num_rest(); argv = opt_rest(); diff --git a/apps/storeutl.c b/apps/storeutl.c index facbf63..0ec65ab 100644 --- a/apps/storeutl.c +++ b/apps/storeutl.c @@ -256,17 +256,12 @@ int storeutl_main(int argc, char *argv[]) break; } } + + /* One argument, the URI */ argc = opt_num_rest(); argv = opt_rest(); - - if (argc == 0) { - BIO_printf(bio_err, "%s: No URI given, nothing to do...\n", prog); + if (argc != 1) goto opthelp; - } - if (argc > 1) { - BIO_printf(bio_err, "%s: Unknown extra parameters after URI\n", prog); - goto opthelp; - } if (criterion != 0) { switch (criterion) { @@ -286,7 +286,10 @@ int ts_main(int argc, char **argv) break; } } - if (mode == OPT_ERR || opt_num_rest() != 0) + + /* No extra arguments. */ + argc = opt_num_rest(); + if (argc != 0 || mode == OPT_ERR) goto opthelp; if (mode == OPT_REPLY && passin && diff --git a/apps/verify.c b/apps/verify.c index ba4a8c2..bf200b0 100644 --- a/apps/verify.c +++ b/apps/verify.c @@ -193,8 +193,11 @@ int verify_main(int argc, char **argv) break; } } + + /* Extra arguments are certificates to verify. */ argc = opt_num_rest(); argv = opt_rest(); + if (trusted != NULL && (CAfile != NULL || CApath != NULL || CAstore != NULL)) { BIO_printf(bio_err, diff --git a/apps/version.c b/apps/version.c index 4a289fa..cb00f55 100644 --- a/apps/version.c +++ b/apps/version.c @@ -97,10 +97,12 @@ opthelp: break; } } - if (opt_num_rest() != 0) { - BIO_printf(bio_err, "Extra parameters given.\n"); + + /* No extra arguments. */ + argc = opt_num_rest(); + if (argc != 0) goto opthelp; - } + if (!dirty) version = 1; diff --git a/apps/x509.c b/apps/x509.c index 8cd84f5..a82682b 100644 --- a/apps/x509.c +++ b/apps/x509.c @@ -490,12 +490,11 @@ int x509_main(int argc, char **argv) goto opthelp; } } + + /* No extra arguments. */ argc = opt_num_rest(); - argv = opt_rest(); - if (argc != 0) { - BIO_printf(bio_err, "%s: Unknown parameter %s\n", prog, argv[0]); + if (argc != 0) goto opthelp; - } if (!app_passwd(passinarg, NULL, &passin, NULL)) { BIO_printf(bio_err, "Error getting password\n"); |