Bail out if fgets() output is not \n terminated when it should

Fixes #116
Frank Denis 2022-02-20 10:50:37 +01:00
parent b81f3d4065
commit 4b2df2ee07
3 changed files with 17 additions and 5 deletions


@ -151,16 +151,21 @@ xfclose(FILE *fp)
return 0; return 0;
} }
void int
trim(char *str) trim(char *str)
{ {
size_t i = strlen(str); size_t i = strlen(str);
int t = 0;
while (i-- > (size_t) 0U) { while (i-- > (size_t) 0U) {
if (str[i] == '\n' || str[i] == '\r') { if (str[i] == '\n') {
str[i] = 0;
t = 1;
} else if (str[i] == '\r') {
str[i] = 0; str[i] = 0;
} }
} }
return t;
} }
const char * const char *
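Review bot: trim() now returns a value that its callers treat as "fgets() read a complete line", but nothing in the function says so, and the loop still walks the whole string, so the result really means "a '\n' was found somewhere" while every '\r' and '\n' at any position is overwritten with 0. Both facts deserve a header comment, for example `/* Replaces every CR and LF in str with NUL; returns 1 if a '\n' was seen (the line was fully read), 0 otherwise. */`. A '\r' in the middle of a line therefore truncates the string silently, which is worth stating now that the return value is checked on untrusted signature-file input. If only the line terminator is meant to count, testing the last character alone would make the check exact.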


@ -36,7 +36,7 @@ int xfprintf(FILE *fp, const char *format, ...) __attribute__((format(printf, 2,
int xfclose(FILE *fp); int xfclose(FILE *fp);
void trim(char *str); int trim(char *str);
const char *file_basename(const char *file); const char *file_basename(const char *file);


@ -169,6 +169,9 @@ sig_load(const char *sig_file, unsigned char global_sig[crypto_sign_BYTES], int
if (fgets(comment, (int) sizeof comment, fp) == NULL) { if (fgets(comment, (int) sizeof comment, fp) == NULL) {
exit_msg("Error while reading the signature file"); exit_msg("Error while reading the signature file");
} }
if (trim(comment) == 0) {
exit_msg("Untrusted signature comment too long");
}
if (strncmp(comment, COMMENT_PREFIX, (sizeof COMMENT_PREFIX) - 1U) != 0) { if (strncmp(comment, COMMENT_PREFIX, (sizeof COMMENT_PREFIX) - 1U) != 0) {
exit_msg( exit_msg(
"Untrusted signature comment should start with " "Untrusted signature comment should start with "
@ -179,7 +182,9 @@ sig_load(const char *sig_file, unsigned char global_sig[crypto_sign_BYTES], int
if (fgets(sig_s, (int) sig_s_size, fp) == NULL) { if (fgets(sig_s, (int) sig_s_size, fp) == NULL) {
exit_msg("Error while reading the signature file"); exit_msg("Error while reading the signature file");
} }
trim(sig_s); if (trim(sig_s) == 0) {
exit_msg("Signature too long");
}
if (fgets(trusted_comment, (int) trusted_comment_maxlen, fp) == NULL) { if (fgets(trusted_comment, (int) trusted_comment_maxlen, fp) == NULL) {
exit_msg("Trusted comment not present"); exit_msg("Trusted comment not present");
} }
@ -192,7 +197,9 @@ sig_load(const char *sig_file, unsigned char global_sig[crypto_sign_BYTES], int
memmove(trusted_comment, memmove(trusted_comment,
trusted_comment + sizeof TRUSTED_COMMENT_PREFIX - 1U, trusted_comment + sizeof TRUSTED_COMMENT_PREFIX - 1U,
strlen(trusted_comment + sizeof TRUSTED_COMMENT_PREFIX - 1U) + 1U); strlen(trusted_comment + sizeof TRUSTED_COMMENT_PREFIX - 1U) + 1U);
trim(trusted_comment); if (trim(trusted_comment) == 0) {
exit_msg("Trusted comment too long");
}
global_sig_s_size = B64_MAX_LEN_FROM_BIN_LEN(crypto_sign_BYTES) + 2U; global_sig_s_size = B64_MAX_LEN_FROM_BIN_LEN(crypto_sign_BYTES) + 2U;
global_sig_s = xmalloc(global_sig_s_size); global_sig_s = xmalloc(global_sig_s_size);
if (fgets(global_sig_s, (int) global_sig_s_size, fp) == NULL) { if (fgets(global_sig_s, (int) global_sig_s_size, fp) == NULL) {
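Review bot: The three new `trim(...) == 0` checks report "too long" for any line that lacks a '\n', which also covers a signature file that ends mid-line (truncated transfer, missing final newline) and a line with an embedded NUL byte, since trim() measures the string with strlen(). Bailing out is the safe result in all of these cases; only the message misleads, so wording such as `exit_msg("Signature line is too long or not newline-terminated");` would match what is actually tested. The read of global_sig_s on the last line of this hunk continues outside it, so whether that line gets the same check cannot be seen here. sig_load itself starts and ends outside these hunks.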