authorben2019-05-28 09:25:58 +0200
committerben2019-05-28 09:29:11 +0200
commit1cad5dfaab8712d3ad39470c67e968158198b4e9 (patch)
tree1d10e318c8b52441fc47e7ba22c3c16b4c80f979
parent90820c66ac7fb746ebd6f90877c99af77710a03c (diff)
[security] Fix buffer overflow.beta_1.01
-rw-r--r--src/inexact.c16
-rw-r--r--src/main.c2
2 files changed, 15 insertions, 3 deletions
diff --git a/src/inexact.c b/src/inexact.c
index 231eb3f..16d6175 100644
--- a/src/inexact.c
+++ b/src/inexact.c
@@ -6,8 +6,9 @@
* and related and neighboring rights to this software to the public domain
* worldwide. This software is distributed without any warranty.
*
- * You should have received a copy of the CC0 Public Domain Dedication along with
- * this software. If not, see <http://creativecommons.org/publicdomain/zero/1.0/>.
+ * You should have received a copy of the CC0 Public Domain Dedication along
+ * with this software. If not, see
+ * <http://creativecommons.org/publicdomain/zero/1.0/>.
*/
#include "inexact.h"
@@ -293,6 +294,11 @@ int get_seckey(const char *keyfile, unsigned char *skey, unsigned char *pkey) {
/* max_size = base64(sizeof(curve25519_key)) = 64 * 4 / 3 + 1 -> 86 */
unsigned char file_data[87] = {0};
+ if (sz > sizeof(file_data)) {
+ printf("Bad key size\n");
+ goto exit;
+ }
+
size_t readed = fread(&file_data, 1, sz, fs);
if (readed != sz) {
printf("read file '%s' failed: %s.\n", keyfile, strerror(errno));
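Review bot: The new bound in get_seckey admits sz == sizeof(file_data), i.e. 87 bytes, while the comment above the buffer sizes it as 86 base64 characters plus one byte of room, so a file that exactly fills the array (a key followed by a trailing newline, for instance) leaves no NUL at the end of file_data. If the code that consumes file_data after the fread relies on the `= {0}` initialisation as a string terminator, the check should read `if (sz >= sizeof(file_data)) {`; if the decoder is length-based instead, a comment stating the intended bound, such as `/* accept at most sizeof(file_data) bytes; file_data is not NUL-terminated when full */`, would keep the next reader from assuming one. The identical check in the get_pubkey hunk (file_data[44], 43 characters plus one byte) has the same edge. The message `printf("Bad key size\n");` also drops the key path that the adjacent read-failure message prints; `printf("key file '%s' has bad size.\n", keyfile);` would keep the diagnostics consistent. get_seckey begins and ends outside this hunk, so the type of sz and how file_data is decoded are not visible here.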
@@ -418,6 +424,12 @@ int get_pubkey(const char *keyfile, unsigned char *pkey) {
/* max_size = base64(sizeof(curve25519_key)) = 32 * 4 / 3 + 1 -> 44 */
unsigned char file_data[44] = {0};
+
+ if (sz > sizeof(file_data)) {
+ printf("Bad key size\n");
+ goto exit;
+ }
+
size_t readed = fread(&file_data, 1, sz, fs);
if (readed != sz) {
printf("read file '%s' failed: %s.\n", keyfile, strerror(errno));
diff --git a/src/main.c b/src/main.c
index 46a5277..c2a21c4 100644
--- a/src/main.c
+++ b/src/main.c
@@ -53,7 +53,7 @@ int main(int argc, char *argv[]) {
int exitcode = 0;
const char progname[] = "inexact";
- const char ver[] = "beta 1.0";
+ const char ver[] = "beta 1.01";
FILE *fo = NULL;
int nerrors;