TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls.git / 6432c7e78257c85637e8c41d4008ba18ddccca0d^! / . / programs
commit6432c7e78257c85637e8c41d4008ba18ddccca0d[log] [tgz]
authorManuel Pégourié-Gonnard <mpg2@elzevir.fr>Mon Aug 31 11:30:07 2015 +0200
committerManuel Pégourié-Gonnard <mpg2@elzevir.fr>Mon Aug 31 11:30:07 2015 +0200
treefa5c32bd9f582807bc0f91e0972fed57d1f93cf7
parente217ceea38725a861870ed67a1ddf6aefd4eb813 [diff]
Fix memory corruption in rsa sign/verify programs

backport from d74c697

see #210

diff --git a/programs/pkey/rsa_sign.c b/programs/pkey/rsa_sign.c
index d9a9a6e..63ef822 100644
--- a/programs/pkey/rsa_sign.c
+++ b/programs/pkey/rsa_sign.c

@@ -60,6 +60,7 @@
     rsa_context rsa;
     unsigned char hash[20];
     unsigned char buf[POLARSSL_MPI_MAX_SIZE];
+    char filename[512];
 
     ret = 1;
 
@@ -133,14 +134,14 @@
     }
 
     /*
-     * Write the signature into <filename>-sig.txt
+     * Write the signature into <filename>.sig
      */
-    memcpy( argv[1] + strlen( argv[1] ), ".sig", 5 );
+    snprintf( filename, sizeof( filename ), "%s.sig", argv[1] );
 
-    if( ( f = fopen( argv[1], "wb+" ) ) == NULL )
+    if( ( f = fopen( filename, "wb+" ) ) == NULL )
     {
         ret = 1;
-        polarssl_printf( " failed\n  ! Could not create %s\n\n", argv[1] );
+        polarssl_printf( " failed\n  ! Could not create %s\n\n", filename );
         goto exit;
     }
 
@@ -150,7 +151,7 @@
 
     fclose( f );
 
-    polarssl_printf( "\n  . Done (created \"%s\")\n\n", argv[1] );
+    polarssl_printf( "\n  . Done (created \"%s\")\n\n", filename );
 
 exit:
 

diff --git a/programs/pkey/rsa_verify.c b/programs/pkey/rsa_verify.c
index 374a5f1..022ef33 100644
--- a/programs/pkey/rsa_verify.c
+++ b/programs/pkey/rsa_verify.c

@@ -59,6 +59,7 @@
     rsa_context rsa;
     unsigned char hash[20];
     unsigned char buf[POLARSSL_MPI_MAX_SIZE];
+    char filename[512];
 
     ret = 1;
     if( argc != 2 )
@@ -99,17 +100,15 @@
      * Extract the RSA signature from the text file
      */
     ret = 1;
-    i = strlen( argv[1] );
-    memcpy( argv[1] + i, ".sig", 5 );
+    snprintf( filename, sizeof( filename ), "%s.sig", argv[1] );
 
-    if( ( f = fopen( argv[1], "rb" ) ) == NULL )
+    if( ( f = fopen( filename, "rb" ) ) == NULL )
     {
-        polarssl_printf( "\n  ! Could not open %s\n\n", argv[1] );
+        polarssl_printf( "\n  ! Could not open %s\n\n", filename );
         goto exit;
     }
 
-    argv[1][i] = '\0', i = 0;
-
+    i = 0;
     while( fscanf( f, "%02X", &c ) > 0 &&
            i < (int) sizeof( buf ) )
         buf[i++] = (unsigned char) c;