[security] Fix buffer overflow.
This commit is contained in:
@@ -6,8 +6,9 @@
|
|||||||
* and related and neighboring rights to this software to the public domain
|
* and related and neighboring rights to this software to the public domain
|
||||||
* worldwide. This software is distributed without any warranty.
|
* worldwide. This software is distributed without any warranty.
|
||||||
*
|
*
|
||||||
* You should have received a copy of the CC0 Public Domain Dedication along with
|
* You should have received a copy of the CC0 Public Domain Dedication along
|
||||||
* this software. If not, see <http://creativecommons.org/publicdomain/zero/1.0/>.
|
* with this software. If not, see
|
||||||
|
* <http://creativecommons.org/publicdomain/zero/1.0/>.
|
||||||
*/
|
*/
|
||||||
|
|
||||||
#include "inexact.h"
|
#include "inexact.h"
|
||||||
@@ -293,6 +294,11 @@ int get_seckey(const char *keyfile, unsigned char *skey, unsigned char *pkey) {
|
|||||||
/* max_size = base64(sizeof(curve25519_key)) = 64 * 4 / 3 + 1 -> 86 */
|
/* max_size = base64(sizeof(curve25519_key)) = 64 * 4 / 3 + 1 -> 86 */
|
||||||
unsigned char file_data[87] = {0};
|
unsigned char file_data[87] = {0};
|
||||||
|
|
||||||
|
if (sz > sizeof(file_data)) {
|
||||||
|
printf("Bad key size\n");
|
||||||
|
goto exit;
|
||||||
|
}
|
||||||
|
|
||||||
size_t readed = fread(&file_data, 1, sz, fs);
|
size_t readed = fread(&file_data, 1, sz, fs);
|
||||||
if (readed != sz) {
|
if (readed != sz) {
|
||||||
printf("read file '%s' failed: %s.\n", keyfile, strerror(errno));
|
printf("read file '%s' failed: %s.\n", keyfile, strerror(errno));
|
||||||
@@ -418,6 +424,12 @@ int get_pubkey(const char *keyfile, unsigned char *pkey) {
|
|||||||
|
|
||||||
/* max_size = base64(sizeof(curve25519_key)) = 32 * 4 / 3 + 1 -> 44 */
|
/* max_size = base64(sizeof(curve25519_key)) = 32 * 4 / 3 + 1 -> 44 */
|
||||||
unsigned char file_data[44] = {0};
|
unsigned char file_data[44] = {0};
|
||||||
|
|
||||||
|
if (sz > sizeof(file_data)) {
|
||||||
|
printf("Bad key size\n");
|
||||||
|
goto exit;
|
||||||
|
}
|
||||||
|
|
||||||
size_t readed = fread(&file_data, 1, sz, fs);
|
size_t readed = fread(&file_data, 1, sz, fs);
|
||||||
if (readed != sz) {
|
if (readed != sz) {
|
||||||
printf("read file '%s' failed: %s.\n", keyfile, strerror(errno));
|
printf("read file '%s' failed: %s.\n", keyfile, strerror(errno));
|
||||||
|
|||||||
@@ -53,7 +53,7 @@ int main(int argc, char *argv[]) {
|
|||||||
|
|
||||||
int exitcode = 0;
|
int exitcode = 0;
|
||||||
const char progname[] = "inexact";
|
const char progname[] = "inexact";
|
||||||
const char ver[] = "beta 1.0";
|
const char ver[] = "beta 1.01";
|
||||||
FILE *fo = NULL;
|
FILE *fo = NULL;
|
||||||
|
|
||||||
int nerrors;
|
int nerrors;
|
||||||
|
|||||||
Reference in New Issue
Block a user