[FIX] Improve code security by prevent buffer overflow.
This commit is contained in:
61
src/main.c
61
src/main.c
@@ -28,6 +28,8 @@ struct arg_file *seckey, *pubkey, *infile, *outfile;
|
||||
struct arg_end *end;
|
||||
struct arg_int *taglen, *noncelen, *cipherlen;
|
||||
|
||||
int file_exist (const char *filename);
|
||||
|
||||
int main(int argc, char *argv[]) {
|
||||
/* the global arg_xxx structs are initialised within the argtable */
|
||||
void *argtable[] = {
|
||||
@@ -53,7 +55,7 @@ int main(int argc, char *argv[]) {
|
||||
|
||||
int exitcode = 0;
|
||||
const char progname[] = "inexact";
|
||||
const char ver[] = "beta 1.01";
|
||||
const char ver[] = "beta 1.02";
|
||||
FILE *fo = NULL;
|
||||
|
||||
int nerrors;
|
||||
@@ -186,7 +188,7 @@ int main(int argc, char *argv[]) {
|
||||
exitcode = 1;
|
||||
goto exit;
|
||||
}
|
||||
if (access(seckey->filename[0], F_OK) != -1) {
|
||||
if (file_exist(seckey->filename[0]) == 1) {
|
||||
char ch;
|
||||
printf("Overwrite '%s' ? ", seckey->filename[0]);
|
||||
int res = scanf("%c", &ch);
|
||||
@@ -195,7 +197,7 @@ int main(int argc, char *argv[]) {
|
||||
goto exit;
|
||||
}
|
||||
}
|
||||
if (access(pubkey->filename[0], F_OK) != -1) {
|
||||
if (file_exist(pubkey->filename[0]) == 1) {
|
||||
char ch;
|
||||
printf("Overwrite '%s' ? ", pubkey->filename[0]);
|
||||
int res = scanf(" %c", &ch);
|
||||
@@ -245,7 +247,7 @@ int main(int argc, char *argv[]) {
|
||||
}
|
||||
data[len - 1] = '\0';
|
||||
data_len = len - 1;
|
||||
} else if (access(infile->filename[0], F_OK) == -1) {
|
||||
} else if (file_exist(infile->filename[0]) == 0) {
|
||||
printf("Input file '%s' not found.\n", infile->filename[0]);
|
||||
exitcode = 1;
|
||||
goto exit;
|
||||
@@ -379,7 +381,8 @@ int main(int argc, char *argv[]) {
|
||||
|
||||
int base64_transformation = (base64->count == 0);
|
||||
if (cipherlen->count == 1) {
|
||||
if (dencrypt->count == 0 || noncelen->count == 1 || base64->count == 1) {
|
||||
if (dencrypt->count == 0 || noncelen->count == 1 ||
|
||||
base64->count == 1) {
|
||||
printf("Invalid options.\n");
|
||||
printf("Try '%s --help' for more information.\n", progname);
|
||||
exitcode = 1;
|
||||
@@ -395,7 +398,7 @@ int main(int argc, char *argv[]) {
|
||||
total_encrypted_len - rand_nonce_len;
|
||||
|
||||
if (symmetric->count == 1) {
|
||||
total_encrypted_len_without_rand1 =
|
||||
total_encrypted_len_without_rand1 =
|
||||
total_encrypted_len_without_rand1 + 64;
|
||||
}
|
||||
|
||||
@@ -417,8 +420,8 @@ int main(int argc, char *argv[]) {
|
||||
}
|
||||
|
||||
if (weak->count == 1) {
|
||||
if (dencrypt->count == 0 || noncelen->count == 1 || taglen->count == 1 ||
|
||||
cipherlen->count == 1) {
|
||||
if (dencrypt->count == 0 || noncelen->count == 1 ||
|
||||
taglen->count == 1 || cipherlen->count == 1) {
|
||||
printf("Invalid options.\n");
|
||||
printf("Try '%s --help' for more information.\n", progname);
|
||||
exitcode = 1;
|
||||
@@ -428,10 +431,16 @@ int main(int argc, char *argv[]) {
|
||||
auth_tag_len = 4;
|
||||
}
|
||||
|
||||
unsigned char *secretkey = malloc(32);
|
||||
unsigned char *publickey = malloc(32);
|
||||
unsigned char *salt = malloc(32);
|
||||
if (secretkey == NULL || publickey == NULL || salt == NULL) {
|
||||
printf("Malloc failed\n");
|
||||
exitcode = 1;
|
||||
goto exit;
|
||||
}
|
||||
|
||||
if (dencrypt->count == 1) {
|
||||
unsigned char secretkey[32] = {0};
|
||||
unsigned char publickey[32] = {0};
|
||||
unsigned char salt[32] = {0};
|
||||
unsigned char *psalt = NULL;
|
||||
|
||||
if (symmetric->count == 1) {
|
||||
@@ -442,7 +451,7 @@ int main(int argc, char *argv[]) {
|
||||
}
|
||||
psalt = &salt[0];
|
||||
} else {
|
||||
if (access(seckey->filename[0], F_OK) == -1) {
|
||||
if (file_exist(seckey->filename[0]) == 0) {
|
||||
printf("Secret key file '%s' not found.\n",
|
||||
seckey->filename[0]);
|
||||
exitcode = 1;
|
||||
@@ -453,7 +462,7 @@ int main(int argc, char *argv[]) {
|
||||
exitcode = 1;
|
||||
goto exit;
|
||||
}
|
||||
if (access(pubkey->filename[0], F_OK) == -1) {
|
||||
if (file_exist(pubkey->filename[0]) == 0) {
|
||||
printf("Public key file '%s' not found.\n",
|
||||
pubkey->filename[0]);
|
||||
exitcode = 1;
|
||||
@@ -487,9 +496,6 @@ int main(int argc, char *argv[]) {
|
||||
}
|
||||
|
||||
if (ddecrypt->count == 1) {
|
||||
unsigned char secretkey[32] = {0};
|
||||
unsigned char publickey[32] = {0};
|
||||
|
||||
if (base64->count == 1) {
|
||||
printf("Invalid options.\n");
|
||||
printf("Try '%s --help' for more information.\n", progname);
|
||||
@@ -503,7 +509,7 @@ int main(int argc, char *argv[]) {
|
||||
goto exit;
|
||||
}
|
||||
} else {
|
||||
if (access(seckey->filename[0], F_OK) == -1) {
|
||||
if (file_exist(seckey->filename[0]) == 0) {
|
||||
printf("Secret key file '%s' not found.\n",
|
||||
seckey->filename[0]);
|
||||
exitcode = 1;
|
||||
@@ -514,7 +520,7 @@ int main(int argc, char *argv[]) {
|
||||
exitcode = 1;
|
||||
goto exit;
|
||||
}
|
||||
if (access(pubkey->filename[0], F_OK) == -1) {
|
||||
if (file_exist(pubkey->filename[0]) == 0) {
|
||||
printf("Public key file '%s' not found.\n",
|
||||
pubkey->filename[0]);
|
||||
exitcode = 1;
|
||||
@@ -542,8 +548,12 @@ int main(int argc, char *argv[]) {
|
||||
memset(decrypted, 0, decrypted_len);
|
||||
memset(secretkey, 0, 32);
|
||||
memset(publickey, 0, 32);
|
||||
memset(salt, 0, 32);
|
||||
memset(data, 0, data_len);
|
||||
free(decrypted);
|
||||
free(secretkey);
|
||||
free(salt);
|
||||
free(publickey);
|
||||
}
|
||||
|
||||
exit:
|
||||
@@ -553,3 +563,18 @@ exit:
|
||||
arg_freetable(argtable, sizeof(argtable) / sizeof(argtable[0]));
|
||||
return exitcode;
|
||||
}
|
||||
|
||||
int file_exist(const char *filename) {
|
||||
int exist = 0;
|
||||
FILE *file;
|
||||
if ((file = fopen(filename, "r")) == NULL) {
|
||||
if (errno != ENOENT) {
|
||||
printf("Some other error occured");
|
||||
}
|
||||
} else {
|
||||
exist = 1;
|
||||
fclose(file);
|
||||
}
|
||||
return exist;
|
||||
}
|
||||
|
||||
|
||||
Reference in New Issue
Block a user