diff options
author | Tobias Stoeckmann <tobias@cvs.openbsd.org> | 2013-03-10 10:36:58 +0000 |
---|---|---|
committer | Tobias Stoeckmann <tobias@cvs.openbsd.org> | 2013-03-10 10:36:58 +0000 |
commit | bb1c8a4eb2bc0fc2b747329c42942f3a4855f1b3 (patch) | |
tree | f7c63b3f1365c23fa665cdb9a7493f667fd73587 /usr.bin | |
parent | 12b9ce4018d8f8c9a2693f91ae2469d70e2f8f7b (diff) |
Prevent endless loop on input error.
Diffstat (limited to 'usr.bin')
-rw-r--r-- | usr.bin/gzsig/sign.c | 10 | ||||
-rw-r--r-- | usr.bin/gzsig/util.c | 13 | ||||
-rw-r--r-- | usr.bin/gzsig/util.h | 3 | ||||
-rw-r--r-- | usr.bin/gzsig/verify.c | 10 |
4 files changed, 24 insertions, 12 deletions
diff --git a/usr.bin/gzsig/sign.c b/usr.bin/gzsig/sign.c index 3b1040fc9e4..7795a85cb61 100644 --- a/usr.bin/gzsig/sign.c +++ b/usr.bin/gzsig/sign.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sign.c,v 1.12 2013/03/10 10:34:33 tobias Exp $ */ +/* $OpenBSD: sign.c,v 1.13 2013/03/10 10:36:57 tobias Exp $ */ /* * sign.c @@ -114,12 +114,12 @@ embed_signature(struct key *key, FILE *fin, FILE *fout) offset = ftell(fin); if (gh.flags & GZIP_FNAME) { - while (getc(fin) != '\0') - ; + if (skip_string(fin)) + return (-1); } if (gh.flags & GZIP_FCOMMENT) { - while (getc(fin) != '\0') - ; + if (skip_string(fin)) + return (-1); } if (gh.flags & GZIP_FENCRYPT) { if (fread(buf, 1, GZIP_FENCRYPT_LEN, fin) != GZIP_FENCRYPT_LEN) diff --git a/usr.bin/gzsig/util.c b/usr.bin/gzsig/util.c index 970e8ca71aa..0a3d7343f4e 100644 --- a/usr.bin/gzsig/util.c +++ b/usr.bin/gzsig/util.c @@ -1,4 +1,4 @@ -/* $OpenBSD: util.c,v 1.3 2013/03/10 10:34:33 tobias Exp $ */ +/* $OpenBSD: util.c,v 1.4 2013/03/10 10:36:57 tobias Exp $ */ /* * util.c @@ -62,6 +62,17 @@ copy_permissions(int srcfd, int dstfd) return (0); } +int +skip_string(FILE *fin) +{ + int c; + + while ((c = getc(fin)) != '\0') + if (c == EOF) + return (-1); + return (0); +} + void fatal(int status, const char *fmt, ...) { diff --git a/usr.bin/gzsig/util.h b/usr.bin/gzsig/util.h index 87560599137..66e28703004 100644 --- a/usr.bin/gzsig/util.h +++ b/usr.bin/gzsig/util.h @@ -1,4 +1,4 @@ -/* $OpenBSD: util.h,v 1.3 2013/03/10 10:34:33 tobias Exp $ */ +/* $OpenBSD: util.h,v 1.4 2013/03/10 10:36:57 tobias Exp $ */ /* * util.h * @@ -35,6 +35,7 @@ #ifndef UTIL_H int copy_permissions(int srcfd, int dstfd); +int skip_string(FILE *fin); void fatal(int status, const char *fmt, ...); #endif /* UTIL_H */ diff --git a/usr.bin/gzsig/verify.c b/usr.bin/gzsig/verify.c index 60a82f4424a..f0e9373248c 100644 --- a/usr.bin/gzsig/verify.c +++ b/usr.bin/gzsig/verify.c @@ -1,4 +1,4 @@ -/* $OpenBSD: verify.c,v 1.9 2013/03/09 22:36:44 jmc Exp $ */ +/* $OpenBSD: verify.c,v 1.10 2013/03/10 10:36:57 tobias Exp $ */ /* * verify.c @@ -105,12 +105,12 @@ verify_signature(struct key *key, FILE *fin) } /* Skip over any options. */ if (gh.flags & GZIP_FNAME) { - while (getc(fin) != '\0') - ; + if (skip_string(fin)) + return (-1); } if (gh.flags & GZIP_FCOMMENT) { - while (getc(fin) != '\0') - ; + if (skip_string(fin)) + return (-1); } if (gh.flags & GZIP_FENCRYPT && fread(buf, 1, GZIP_FENCRYPT_LEN, fin) != GZIP_FENCRYPT_LEN) |