Fix memory corruption in rsa sign/verify programs

backport from d74c697 see #210
2024-11-22 22:55:39 +01:00 · 2015-08-31 11:30:07 +02:00 · 2015-08-31 11:30:07 +02:00 · 6432c7e782
commit 6432c7e782
parent e217ceea38
3 changed files with 12 additions and 11 deletions
--- a/1
+++ b/1
@ -11,6 +11,7 @@ Bugfix
   * Fix -Wshadow warnings (found by hnrkp) (#240)
   * Fix unused function warning when using MBEDTLS_MDx_ALT or
     MBEDTLS_SHAxxx_ALT (found by Henrik) (#239)
+   * Fix memory corruption in pkey programs (found by yankuncheng) (#210)

 = mbed TLS 1.3.12 released 2015-08-11

--- a/programs/pkey/rsa_sign.c
+++ b/programs/pkey/rsa_sign.c
@ -60,6 +60,7 @@ int main( int argc, char *argv[] )
    rsa_context rsa;
    unsigned char hash[20];
    unsigned char buf[POLARSSL_MPI_MAX_SIZE];
+    char filename[512];

    ret = 1;

@ -133,14 +134,14 @@ int main( int argc, char *argv[] )
    }

    /*
-     * Write the signature into <filename>-sig.txt
+     * Write the signature into <filename>.sig
     */
-    memcpy( argv[1] + strlen( argv[1] ), ".sig", 5 );
+    snprintf( filename, sizeof( filename ), "%s.sig", argv[1] );

-    if( ( f = fopen( argv[1], "wb+" ) ) == NULL )
+    if( ( f = fopen( filename, "wb+" ) ) == NULL )
    {
        ret = 1;
-        polarssl_printf( " failed\n  ! Could not create %s\n\n", argv[1] );
+        polarssl_printf( " failed\n  ! Could not create %s\n\n", filename );
        goto exit;
    }

@ -150,7 +151,7 @@ int main( int argc, char *argv[] )

    fclose( f );

-    polarssl_printf( "\n  . Done (created \"%s\")\n\n", argv[1] );
+    polarssl_printf( "\n  . Done (created \"%s\")\n\n", filename );

 exit:

--- a/programs/pkey/rsa_verify.c
+++ b/programs/pkey/rsa_verify.c
@ -59,6 +59,7 @@ int main( int argc, char *argv[] )
    rsa_context rsa;
    unsigned char hash[20];
    unsigned char buf[POLARSSL_MPI_MAX_SIZE];
+    char filename[512];

    ret = 1;
    if( argc != 2 )
@ -99,17 +100,15 @@ int main( int argc, char *argv[] )
     * Extract the RSA signature from the text file
     */
    ret = 1;
-    i = strlen( argv[1] );
-    memcpy( argv[1] + i, ".sig", 5 );
+    snprintf( filename, sizeof( filename ), "%s.sig", argv[1] );

-    if( ( f = fopen( argv[1], "rb" ) ) == NULL )
+    if( ( f = fopen( filename, "rb" ) ) == NULL )
    {
-        polarssl_printf( "\n  ! Could not open %s\n\n", argv[1] );
+        polarssl_printf( "\n  ! Could not open %s\n\n", filename );
        goto exit;
    }

-    argv[1][i] = '\0', i = 0;
-
+    i = 0;
    while( fscanf( f, "%02X", &c ) > 0 &&
           i < (int) sizeof( buf ) )
        buf[i++] = (unsigned char) c;