mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-12-02 02:14:19 +01:00
Fix memory corruption in rsa sign/verify programs
We have no guarantee there is enough room in the argv strings. Fixes #210
This commit is contained in:
parent
8b2641d36f
commit
d74c697035
@ -35,6 +35,7 @@ Bugfix
|
|||||||
Aleksandrs Saveljevs) (#238)
|
Aleksandrs Saveljevs) (#238)
|
||||||
* Fix unused function warning when using MBEDTLS_MDx_ALT or
|
* Fix unused function warning when using MBEDTLS_MDx_ALT or
|
||||||
MBEDTLS_SHAxxx_ALT (found by Henrik) (#239)
|
MBEDTLS_SHAxxx_ALT (found by Henrik) (#239)
|
||||||
|
* Fix memory corruption in pkey programs (found by yankuncheng) (#210)
|
||||||
|
|
||||||
Changes
|
Changes
|
||||||
* The PEM parser now accepts a trailing space at end of lines (#226).
|
* The PEM parser now accepts a trailing space at end of lines (#226).
|
||||||
|
@ -32,6 +32,7 @@
|
|||||||
#include <stdio.h>
|
#include <stdio.h>
|
||||||
#define mbedtls_fprintf fprintf
|
#define mbedtls_fprintf fprintf
|
||||||
#define mbedtls_printf printf
|
#define mbedtls_printf printf
|
||||||
|
#define mbedtls_snprintf snprintf
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_RSA_C) || \
|
#if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_RSA_C) || \
|
||||||
@ -60,6 +61,7 @@ int main( int argc, char *argv[] )
|
|||||||
mbedtls_rsa_context rsa;
|
mbedtls_rsa_context rsa;
|
||||||
unsigned char hash[20];
|
unsigned char hash[20];
|
||||||
unsigned char buf[MBEDTLS_MPI_MAX_SIZE];
|
unsigned char buf[MBEDTLS_MPI_MAX_SIZE];
|
||||||
|
char filename[512];
|
||||||
|
|
||||||
ret = 1;
|
ret = 1;
|
||||||
|
|
||||||
@ -135,11 +137,11 @@ int main( int argc, char *argv[] )
|
|||||||
}
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Write the signature into <filename>-sig.txt
|
* Write the signature into <filename>.sig
|
||||||
*/
|
*/
|
||||||
memcpy( argv[1] + strlen( argv[1] ), ".sig", 5 );
|
mbedtls_snprintf( filename, sizeof(filename), "%s.sig", argv[1] );
|
||||||
|
|
||||||
if( ( f = fopen( argv[1], "wb+" ) ) == NULL )
|
if( ( f = fopen( filename, "wb+" ) ) == NULL )
|
||||||
{
|
{
|
||||||
ret = 1;
|
ret = 1;
|
||||||
mbedtls_printf( " failed\n ! Could not create %s\n\n", argv[1] );
|
mbedtls_printf( " failed\n ! Could not create %s\n\n", argv[1] );
|
||||||
@ -152,7 +154,7 @@ int main( int argc, char *argv[] )
|
|||||||
|
|
||||||
fclose( f );
|
fclose( f );
|
||||||
|
|
||||||
mbedtls_printf( "\n . Done (created \"%s\")\n\n", argv[1] );
|
mbedtls_printf( "\n . Done (created \"%s\")\n\n", filename );
|
||||||
|
|
||||||
exit:
|
exit:
|
||||||
|
|
||||||
|
@ -31,6 +31,7 @@
|
|||||||
#else
|
#else
|
||||||
#include <stdio.h>
|
#include <stdio.h>
|
||||||
#define mbedtls_printf printf
|
#define mbedtls_printf printf
|
||||||
|
#define mbedtls_snprintf snprintf
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_RSA_C) || \
|
#if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_RSA_C) || \
|
||||||
@ -59,6 +60,7 @@ int main( int argc, char *argv[] )
|
|||||||
mbedtls_rsa_context rsa;
|
mbedtls_rsa_context rsa;
|
||||||
unsigned char hash[20];
|
unsigned char hash[20];
|
||||||
unsigned char buf[MBEDTLS_MPI_MAX_SIZE];
|
unsigned char buf[MBEDTLS_MPI_MAX_SIZE];
|
||||||
|
char filename[512];
|
||||||
|
|
||||||
ret = 1;
|
ret = 1;
|
||||||
if( argc != 2 )
|
if( argc != 2 )
|
||||||
@ -99,17 +101,15 @@ int main( int argc, char *argv[] )
|
|||||||
* Extract the RSA signature from the text file
|
* Extract the RSA signature from the text file
|
||||||
*/
|
*/
|
||||||
ret = 1;
|
ret = 1;
|
||||||
i = strlen( argv[1] );
|
mbedtls_snprintf( filename, sizeof(filename), "%s.sig", argv[1] );
|
||||||
memcpy( argv[1] + i, ".sig", 5 );
|
|
||||||
|
|
||||||
if( ( f = fopen( argv[1], "rb" ) ) == NULL )
|
if( ( f = fopen( filename, "rb" ) ) == NULL )
|
||||||
{
|
{
|
||||||
mbedtls_printf( "\n ! Could not open %s\n\n", argv[1] );
|
mbedtls_printf( "\n ! Could not open %s\n\n", filename );
|
||||||
goto exit;
|
goto exit;
|
||||||
}
|
}
|
||||||
|
|
||||||
argv[1][i] = '\0', i = 0;
|
i = 0;
|
||||||
|
|
||||||
while( fscanf( f, "%02X", &c ) > 0 &&
|
while( fscanf( f, "%02X", &c ) > 0 &&
|
||||||
i < (int) sizeof( buf ) )
|
i < (int) sizeof( buf ) )
|
||||||
buf[i++] = (unsigned char) c;
|
buf[i++] = (unsigned char) c;
|
||||||
|
Loading…
Reference in New Issue
Block a user