Bail out if fgets() output is not \n terminated when it should

Fixes #116
2025-04-04 19:37:48 +03:00 · 2022-02-20 10:50:37 +01:00 · 2022-02-20 10:50:37 +01:00 · 4b2df2ee07
commit 4b2df2ee07
parent b81f3d4065
3 changed files with 17 additions and 5 deletions
--- a/src/helpers.c
+++ b/src/helpers.c
@ -151,16 +151,21 @@ xfclose(FILE *fp)
    return 0;
 }

-void
+int
 trim(char *str)
 {
    size_t i = strlen(str);
+    int    t = 0;

    while (i-- > (size_t) 0U) {
-        if (str[i] == '\n' || str[i] == '\r') {
+        if (str[i] == '\n') {
+            str[i] = 0;
+            t = 1;
+        } else if (str[i] == '\r') {
            str[i] = 0;
        }
    }
+    return t;
 }

 const char *
--- a/src/helpers.h
+++ b/src/helpers.h
@ -36,7 +36,7 @@ int xfprintf(FILE *fp, const char *format, ...) __attribute__((format(printf, 2,

 int xfclose(FILE *fp);

-void trim(char *str);
+int trim(char *str);

 const char *file_basename(const char *file);

--- a/src/minisign.c
+++ b/src/minisign.c
@ -169,6 +169,9 @@ sig_load(const char *sig_file, unsigned char global_sig[crypto_sign_BYTES], int
    if (fgets(comment, (int) sizeof comment, fp) == NULL) {
        exit_msg("Error while reading the signature file");
    }
+    if (trim(comment) == 0) {
+        exit_msg("Untrusted signature comment too long");
+    }
    if (strncmp(comment, COMMENT_PREFIX, (sizeof COMMENT_PREFIX) - 1U) != 0) {
        exit_msg(
            "Untrusted signature comment should start with "
@ -179,7 +182,9 @@ sig_load(const char *sig_file, unsigned char global_sig[crypto_sign_BYTES], int
    if (fgets(sig_s, (int) sig_s_size, fp) == NULL) {
        exit_msg("Error while reading the signature file");
    }
-    trim(sig_s);
+    if (trim(sig_s) == 0) {
+        exit_msg("Signature too long");
+    }
    if (fgets(trusted_comment, (int) trusted_comment_maxlen, fp) == NULL) {
        exit_msg("Trusted comment not present");
    }
@ -192,7 +197,9 @@ sig_load(const char *sig_file, unsigned char global_sig[crypto_sign_BYTES], int
    memmove(trusted_comment,
            trusted_comment + sizeof TRUSTED_COMMENT_PREFIX - 1U,
            strlen(trusted_comment + sizeof TRUSTED_COMMENT_PREFIX - 1U) + 1U);
-    trim(trusted_comment);
+    if (trim(trusted_comment) == 0) {
+        exit_msg("Trusted comment too long");
+    }
    global_sig_s_size = B64_MAX_LEN_FROM_BIN_LEN(crypto_sign_BYTES) + 2U;
    global_sig_s      = xmalloc(global_sig_s_size);
    if (fgets(global_sig_s, (int) global_sig_s_size, fp) == NULL) {