diff options
| author | Theo de Raadt <deraadt@cvs.openbsd.org> | 2014-01-19 23:20:31 +0000 |
|---|---|---|
| committer | Theo de Raadt <deraadt@cvs.openbsd.org> | 2014-01-19 23:20:31 +0000 |
| commit | fb123a662469600074ce2329d6208a62b251045c (patch) | |
| tree | 9c873ead885c77228bc1908b0560e41e5a45b811 /usr.bin/signify | |
| parent | 57ad4f5169a813a7eb53b59683d1a57e3737f1be (diff) | |
do not truncate strlcpy/snprintf, fail hard and proper
ok tedu
Diffstat (limited to 'usr.bin/signify')
| -rw-r--r-- | usr.bin/signify/signify.c | 25 |
1 files changed, 18 insertions, 7 deletions
diff --git a/usr.bin/signify/signify.c b/usr.bin/signify/signify.c index 6467d30f688..c4da5a757fc 100644 --- a/usr.bin/signify/signify.c +++ b/usr.bin/signify/signify.c @@ -1,4 +1,4 @@ -/* $OpenBSD: signify.c,v 1.39 2014/01/19 18:39:34 tedu Exp $ */ +/* $OpenBSD: signify.c,v 1.40 2014/01/19 23:20:30 deraadt Exp $ */ /* * Copyright (c) 2013 Ted Unangst <tedu@openbsd.org> * @@ -145,8 +145,11 @@ parseb64file(const char *filename, char *b64, void *buf, size_t len, errx(1, "invalid comment in %s; must start with '%s'", filename, COMMENTHDR); *commentend = 0; - if (comment) - strlcpy(comment, b64 + COMMENTHDRLEN, COMMENTMAXLEN); + if (comment) { + if (strlcpy(comment, b64 + COMMENTHDRLEN, + COMMENTMAXLEN) >= COMMENTMAXLEN) + err(1, "comment too long"); + } b64end = strchr(commentend + 1, '\n'); if (!b64end) errx(1, "missing new line after b64 in %s", filename); @@ -235,7 +238,9 @@ writeb64file(const char *filename, const char *comment, const void *buf, int fd, rv; fd = xopen(filename, O_CREAT|flags|O_NOFOLLOW|O_WRONLY, mode); - snprintf(header, sizeof(header), "%s%s\n", COMMENTHDR, comment); + if (snprintf(header, sizeof(header), "%s%s\n", + COMMENTHDR, comment) >= sizeof(header)) + err(1, "comment too long"); writeall(fd, header, strlen(header), filename); if ((rv = b64_ntop(buf, len, b64, sizeof(b64)-1)) == -1) errx(1, "b64 encode failed"); @@ -310,14 +315,18 @@ generate(const char *pubkeyfile, const char *seckeyfile, int rounds, memset(digest, 0, sizeof(digest)); memset(xorkey, 0, sizeof(xorkey)); - snprintf(commentbuf, sizeof(commentbuf), "%s secret key", comment); + if (snprintf(commentbuf, sizeof(commentbuf), "%s secret key", + comment) >= sizeof(commentbuf)) + err(1, "comment too long"); writeb64file(seckeyfile, commentbuf, &enckey, sizeof(enckey), O_EXCL, 0600); memset(&enckey, 0, sizeof(enckey)); memcpy(pubkey.pkalg, PKALG, 2); memcpy(pubkey.fingerprint, fingerprint, FPLEN); - snprintf(commentbuf, sizeof(commentbuf), "%s public key", comment); + if (snprintf(commentbuf, sizeof(commentbuf), "%s public key", + comment) >= sizeof(commentbuf)) + err(1, "comment too long"); writeb64file(pubkeyfile, commentbuf, &pubkey, sizeof(pubkey), O_EXCL, 0666); } @@ -359,7 +368,9 @@ sign(const char *seckeyfile, const char *msgfile, const char *sigfile, memset(&enckey, 0, sizeof(enckey)); memcpy(sig.pkalg, PKALG, 2); - snprintf(sigcomment, sizeof(sigcomment), "signature from %s", comment); + if (snprintf(sigcomment, sizeof(sigcomment), "signature from %s", + comment) >= sizeof(sigcomment)) + err(1, "comment too long"); writeb64file(sigfile, sigcomment, &sig, sizeof(sig), O_TRUNC, 0666); if (embedded) appendall(sigfile, msg, msglen); |