From 4b2df2ee07c13852b62fa17a47f9fff1dcd140bf Mon Sep 17 00:00:00 2001
From: Frank Denis
Date: Sun, 20 Feb 2022 10:50:37 +0100
Subject: [PATCH] Bail out if fgets() output is not \n terminated when it should
Fixes #116
---
 src/helpers.c | 9 +++++++--
 src/helpers.h | 2 +-
 src/minisign.c | 11 +++++++++--
 3 files changed, 17 insertions(+), 5 deletions(-)
diff --git a/src/helpers.c b/src/helpers.c
index 073fe4a..a151603 100644
--- a/src/helpers.c
+++ b/src/helpers.c
@@ -151,16 +151,21 @@ xfclose(FILE *fp)
 return 0;
 }
-void
+int
 trim(char *str)
 {
 size_t i = strlen(str);
+ int t = 0;
 while (i-- > (size_t) 0U) {
- if (str[i] == '\n' || str[i] == '\r') {
+ if (str[i] == '\n') {
+ str[i] = 0;
+ t = 1;
+ } else if (str[i] == '\r') {
 str[i] = 0;
 }
 }
+ return t;
 }
 const char *
diff --git a/src/helpers.h b/src/helpers.h
index a97ff60..ec76326 100644
--- a/src/helpers.h
+++ b/src/helpers.h
@@ -36,7 +36,7 @@ int xfprintf(FILE *fp, const char *format, ...) __attribute__((format(printf, 2,
 int xfclose(FILE *fp);
-void trim(char *str);
+int trim(char *str);
 const char *file_basename(const char *file);
diff --git a/src/minisign.c b/src/minisign.c
index 145dfe5..83672da 100644
--- a/src/minisign.c
+++ b/src/minisign.c
@@ -169,6 +169,9 @@ sig_load(const char *sig_file, unsigned char global_sig[crypto_sign_BYTES], int
 if (fgets(comment, (int) sizeof comment, fp) == NULL) {
 exit_msg("Error while reading the signature file");
 }
+ if (trim(comment) == 0) {
+ exit_msg("Untrusted signature comment too long");
+ }
 if (strncmp(comment, COMMENT_PREFIX, (sizeof COMMENT_PREFIX) - 1U) != 0) {
 exit_msg(
 "Untrusted signature comment should start with "
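Review bot: The new return value of trim() in src/helpers.c is undocumented, and 0 covers more than an overlong line. It is also returned when fgets() stopped at end of file on a line with no final `\n`, and when the line holds a NUL byte so that `strlen(str)` ends before the newline. The callers added in sig_load() report every one of these as "too long", which fails closed but can mislead someone diagnosing a truncated or malformed signature file. I would add above the definition `/* Strips CR and LF from str; returns 1 if a '\n' was present (complete line), 0 otherwise (truncated, unterminated at EOF, or cut short by an embedded NUL). */` and put a one-line version on the prototype in src/helpers.h.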
@@ -179,7 +182,9 @@ sig_load(const char *sig_file, unsigned char global_sig[crypto_sign_BYTES], int
 if (fgets(sig_s, (int) sig_s_size, fp) == NULL) {
 exit_msg("Error while reading the signature file");
 }
- trim(sig_s);
+ if (trim(sig_s) == 0) {
+ exit_msg("Signature too long");
+ }
 if (fgets(trusted_comment, (int) trusted_comment_maxlen, fp) == NULL) {
 exit_msg("Trusted comment not present");
 }
@@ -192,7 +197,9 @@ sig_load(const char *sig_file, unsigned char global_sig[crypto_sign_BYTES], int
 memmove(trusted_comment, trusted_comment + sizeof TRUSTED_COMMENT_PREFIX - 1U, strlen(trusted_comment + sizeof TRUSTED_COMMENT_PREFIX - 1U) + 1U);
- trim(trusted_comment);
+ if (trim(trusted_comment) == 0) {
+ exit_msg("Trusted comment too long");
+ }
 global_sig_s_size = B64_MAX_LEN_FROM_BIN_LEN(crypto_sign_BYTES) + 2U;
 global_sig_s = xmalloc(global_sig_s_size);
 if (fgets(global_sig_s, (int) global_sig_s_size, fp) == NULL) {
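Review bot: The global signature line, read by `fgets(global_sig_s, ...)` at the end of the last hunk, appears to be left without the completeness check the other three lines now get. The diffstat lists 11 changed lines in src/minisign.c and the three visible hunks account for all of them. If sig_load() still discards the trim() result for that line, bytes beyond the buffer would be dropped silently instead of being rejected. That line may legitimately end the file without a newline, so the check has to tolerate EOF, for example `if (trim(global_sig_s) == 0 && !feof(fp)) exit_msg("Global signature too long");`. The rest of sig_load() lies outside the hunk, so this needs confirming against the full function.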