Fix memory corruption in rsa sign/verify programs
We have no guarantee there is enough room in the argv strings. Fixes #210
This commit is contained in:
parent
8b2641d36f
commit
d74c697035
3 changed files with 13 additions and 10 deletions
|
@ -35,6 +35,7 @@ Bugfix
|
|||
Aleksandrs Saveljevs) (#238)
|
||||
* Fix unused function warning when using MBEDTLS_MDx_ALT or
|
||||
MBEDTLS_SHAxxx_ALT (found by Henrik) (#239)
|
||||
* Fix memory corruption in pkey programs (found by yankuncheng) (#210)
|
||||
|
||||
Changes
|
||||
* The PEM parser now accepts a trailing space at end of lines (#226).
|
||||
|
|
|
@ -32,6 +32,7 @@
|
|||
#include <stdio.h>
|
||||
#define mbedtls_fprintf fprintf
|
||||
#define mbedtls_printf printf
|
||||
#define mbedtls_snprintf snprintf
|
||||
#endif
|
||||
|
||||
#if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_RSA_C) || \
|
||||
|
@ -60,6 +61,7 @@ int main( int argc, char *argv[] )
|
|||
mbedtls_rsa_context rsa;
|
||||
unsigned char hash[20];
|
||||
unsigned char buf[MBEDTLS_MPI_MAX_SIZE];
|
||||
char filename[512];
|
||||
|
||||
ret = 1;
|
||||
|
||||
|
@ -135,11 +137,11 @@ int main( int argc, char *argv[] )
|
|||
}
|
||||
|
||||
/*
|
||||
* Write the signature into <filename>-sig.txt
|
||||
* Write the signature into <filename>.sig
|
||||
*/
|
||||
memcpy( argv[1] + strlen( argv[1] ), ".sig", 5 );
|
||||
mbedtls_snprintf( filename, sizeof(filename), "%s.sig", argv[1] );
|
||||
|
||||
if( ( f = fopen( argv[1], "wb+" ) ) == NULL )
|
||||
if( ( f = fopen( filename, "wb+" ) ) == NULL )
|
||||
{
|
||||
ret = 1;
|
||||
mbedtls_printf( " failed\n ! Could not create %s\n\n", argv[1] );
|
||||
|
@ -152,7 +154,7 @@ int main( int argc, char *argv[] )
|
|||
|
||||
fclose( f );
|
||||
|
||||
mbedtls_printf( "\n . Done (created \"%s\")\n\n", argv[1] );
|
||||
mbedtls_printf( "\n . Done (created \"%s\")\n\n", filename );
|
||||
|
||||
exit:
|
||||
|
||||
|
|
|
@ -31,6 +31,7 @@
|
|||
#else
|
||||
#include <stdio.h>
|
||||
#define mbedtls_printf printf
|
||||
#define mbedtls_snprintf snprintf
|
||||
#endif
|
||||
|
||||
#if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_RSA_C) || \
|
||||
|
@ -59,6 +60,7 @@ int main( int argc, char *argv[] )
|
|||
mbedtls_rsa_context rsa;
|
||||
unsigned char hash[20];
|
||||
unsigned char buf[MBEDTLS_MPI_MAX_SIZE];
|
||||
char filename[512];
|
||||
|
||||
ret = 1;
|
||||
if( argc != 2 )
|
||||
|
@ -99,17 +101,15 @@ int main( int argc, char *argv[] )
|
|||
* Extract the RSA signature from the text file
|
||||
*/
|
||||
ret = 1;
|
||||
i = strlen( argv[1] );
|
||||
memcpy( argv[1] + i, ".sig", 5 );
|
||||
mbedtls_snprintf( filename, sizeof(filename), "%s.sig", argv[1] );
|
||||
|
||||
if( ( f = fopen( argv[1], "rb" ) ) == NULL )
|
||||
if( ( f = fopen( filename, "rb" ) ) == NULL )
|
||||
{
|
||||
mbedtls_printf( "\n ! Could not open %s\n\n", argv[1] );
|
||||
mbedtls_printf( "\n ! Could not open %s\n\n", filename );
|
||||
goto exit;
|
||||
}
|
||||
|
||||
argv[1][i] = '\0', i = 0;
|
||||
|
||||
i = 0;
|
||||
while( fscanf( f, "%02X", &c ) > 0 &&
|
||||
i < (int) sizeof( buf ) )
|
||||
buf[i++] = (unsigned char) c;
|
||||
|
|
Loading…
Reference in a new issue