Fix memory corruption in rsa sign/verify programs
We have no guarantee there is enough room in the argv strings.
Fixes #210
diff --git a/programs/pkey/rsa_sign.c b/programs/pkey/rsa_sign.c
index d86fe3a..3ff411a 100644
--- a/programs/pkey/rsa_sign.c
+++ b/programs/pkey/rsa_sign.c
@@ -32,6 +32,7 @@
#include <stdio.h>
#define mbedtls_fprintf fprintf
#define mbedtls_printf printf
+#define mbedtls_snprintf snprintf
#endif
#if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_RSA_C) || \
@@ -60,6 +61,7 @@
mbedtls_rsa_context rsa;
unsigned char hash[20];
unsigned char buf[MBEDTLS_MPI_MAX_SIZE];
+ char filename[512];
ret = 1;
@@ -135,11 +137,11 @@
}
/*
- * Write the signature into <filename>-sig.txt
+ * Write the signature into <filename>.sig
*/
- memcpy( argv[1] + strlen( argv[1] ), ".sig", 5 );
+ mbedtls_snprintf( filename, sizeof(filename), "%s.sig", argv[1] );
- if( ( f = fopen( argv[1], "wb+" ) ) == NULL )
+ if( ( f = fopen( filename, "wb+" ) ) == NULL )
{
ret = 1;
mbedtls_printf( " failed\n ! Could not create %s\n\n", argv[1] );
@@ -152,7 +154,7 @@
fclose( f );
- mbedtls_printf( "\n . Done (created \"%s\")\n\n", argv[1] );
+ mbedtls_printf( "\n . Done (created \"%s\")\n\n", filename );
exit: