diff options
| -rw-r--r-- | src/inexact.c | 16 | ||||
| -rw-r--r-- | src/main.c | 2 |
2 files changed, 15 insertions, 3 deletions
diff --git a/src/inexact.c b/src/inexact.c index 231eb3f..16d6175 100644 --- a/src/inexact.c +++ b/src/inexact.c @@ -6,8 +6,9 @@ * and related and neighboring rights to this software to the public domain * worldwide. This software is distributed without any warranty. * - * You should have received a copy of the CC0 Public Domain Dedication along with - * this software. If not, see <http://creativecommons.org/publicdomain/zero/1.0/>. + * You should have received a copy of the CC0 Public Domain Dedication along + * with this software. If not, see + * <http://creativecommons.org/publicdomain/zero/1.0/>. */ #include "inexact.h" @@ -293,6 +294,11 @@ int get_seckey(const char *keyfile, unsigned char *skey, unsigned char *pkey) { /* max_size = base64(sizeof(curve25519_key)) = 64 * 4 / 3 + 1 -> 86 */ unsigned char file_data[87] = {0}; + if (sz > sizeof(file_data)) { + printf("Bad key size\n"); + goto exit; + } + size_t readed = fread(&file_data, 1, sz, fs); if (readed != sz) { printf("read file '%s' failed: %s.\n", keyfile, strerror(errno)); @@ -418,6 +424,12 @@ int get_pubkey(const char *keyfile, unsigned char *pkey) { /* max_size = base64(sizeof(curve25519_key)) = 32 * 4 / 3 + 1 -> 44 */ unsigned char file_data[44] = {0}; + + if (sz > sizeof(file_data)) { + printf("Bad key size\n"); + goto exit; + } + size_t readed = fread(&file_data, 1, sz, fs); if (readed != sz) { printf("read file '%s' failed: %s.\n", keyfile, strerror(errno)); @@ -53,7 +53,7 @@ int main(int argc, char *argv[]) { int exitcode = 0; const char progname[] = "inexact"; - const char ver[] = "beta 1.0"; + const char ver[] = "beta 1.01"; FILE *fo = NULL; int nerrors; |