Fix memory corruption in rsa sign/verify programs

We have no guarantee there is enough room in the argv strings.

Fixes #210
This commit is contained in:
Manuel Pégourié-Gonnard 2015-08-27 21:39:40 +02:00
parent 8b2641d36f
commit d74c697035
3 changed files with 13 additions and 10 deletions

View file

@ -35,6 +35,7 @@ Bugfix
Aleksandrs Saveljevs) (#238)
* Fix unused function warning when using MBEDTLS_MDx_ALT or
MBEDTLS_SHAxxx_ALT (found by Henrik) (#239)
* Fix memory corruption in pkey programs (found by yankuncheng) (#210)
Changes
* The PEM parser now accepts a trailing space at end of lines (#226).

View file

@ -32,6 +32,7 @@
#include <stdio.h>
#define mbedtls_fprintf fprintf
#define mbedtls_printf printf
#define mbedtls_snprintf snprintf
#endif
#if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_RSA_C) || \
@ -60,6 +61,7 @@ int main( int argc, char *argv[] )
mbedtls_rsa_context rsa;
unsigned char hash[20];
unsigned char buf[MBEDTLS_MPI_MAX_SIZE];
char filename[512];
ret = 1;
@ -135,11 +137,11 @@ int main( int argc, char *argv[] )
}
/*
* Write the signature into <filename>-sig.txt
* Write the signature into <filename>.sig
*/
memcpy( argv[1] + strlen( argv[1] ), ".sig", 5 );
mbedtls_snprintf( filename, sizeof(filename), "%s.sig", argv[1] );
if( ( f = fopen( argv[1], "wb+" ) ) == NULL )
if( ( f = fopen( filename, "wb+" ) ) == NULL )
{
ret = 1;
mbedtls_printf( " failed\n ! Could not create %s\n\n", argv[1] );
@ -152,7 +154,7 @@ int main( int argc, char *argv[] )
fclose( f );
mbedtls_printf( "\n . Done (created \"%s\")\n\n", argv[1] );
mbedtls_printf( "\n . Done (created \"%s\")\n\n", filename );
exit:

View file

@ -31,6 +31,7 @@
#else
#include <stdio.h>
#define mbedtls_printf printf
#define mbedtls_snprintf snprintf
#endif
#if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_RSA_C) || \
@ -59,6 +60,7 @@ int main( int argc, char *argv[] )
mbedtls_rsa_context rsa;
unsigned char hash[20];
unsigned char buf[MBEDTLS_MPI_MAX_SIZE];
char filename[512];
ret = 1;
if( argc != 2 )
@ -99,17 +101,15 @@ int main( int argc, char *argv[] )
* Extract the RSA signature from the text file
*/
ret = 1;
i = strlen( argv[1] );
memcpy( argv[1] + i, ".sig", 5 );
mbedtls_snprintf( filename, sizeof(filename), "%s.sig", argv[1] );
if( ( f = fopen( argv[1], "rb" ) ) == NULL )
if( ( f = fopen( filename, "rb" ) ) == NULL )
{
mbedtls_printf( "\n ! Could not open %s\n\n", argv[1] );
mbedtls_printf( "\n ! Could not open %s\n\n", filename );
goto exit;
}
argv[1][i] = '\0', i = 0;
i = 0;
while( fscanf( f, "%02X", &c ) > 0 &&
i < (int) sizeof( buf ) )
buf[i++] = (unsigned char) c;