Fix memory corruption in rsa sign/verify programs
We have no guarantee there is enough room in the argv strings.
Fixes #210
diff --git a/programs/pkey/rsa_verify.c b/programs/pkey/rsa_verify.c
index fefc6e0..63cc17c 100644
--- a/programs/pkey/rsa_verify.c
+++ b/programs/pkey/rsa_verify.c
@@ -31,6 +31,7 @@
#else
#include <stdio.h>
#define mbedtls_printf printf
+#define mbedtls_snprintf snprintf
#endif
#if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_RSA_C) || \
@@ -59,6 +60,7 @@
mbedtls_rsa_context rsa;
unsigned char hash[20];
unsigned char buf[MBEDTLS_MPI_MAX_SIZE];
+ char filename[512];
ret = 1;
if( argc != 2 )
@@ -99,17 +101,15 @@
* Extract the RSA signature from the text file
*/
ret = 1;
- i = strlen( argv[1] );
- memcpy( argv[1] + i, ".sig", 5 );
+ mbedtls_snprintf( filename, sizeof(filename), "%s.sig", argv[1] );
- if( ( f = fopen( argv[1], "rb" ) ) == NULL )
+ if( ( f = fopen( filename, "rb" ) ) == NULL )
{
- mbedtls_printf( "\n ! Could not open %s\n\n", argv[1] );
+ mbedtls_printf( "\n ! Could not open %s\n\n", filename );
goto exit;
}
- argv[1][i] = '\0', i = 0;
-
+ i = 0;
while( fscanf( f, "%02X", &c ) > 0 &&
i < (int) sizeof( buf ) )
buf[i++] = (unsigned char) c;