From: Nikos Mavrogiannopoulos Date: Wed, 9 Oct 2013 19:46:42 +0000 (+0200) Subject: Corrected possible buffer overruns in included programs and examples. X-Git-Tag: gnutls_3_2_5~27 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=daad5b9ba054e17d8bcfb0b8c76d67dc19c64e0e;p=thirdparty%2Fgnutls.git Corrected possible buffer overruns in included programs and examples. Corrected possible buffer overruns in included programs and examples. Reported by Pedro Ribeiro . --- diff --git a/doc/examples/ex-cert-select-pkcs11.c b/doc/examples/ex-cert-select-pkcs11.c index fb902be891..5aaba6d309 100644 --- a/doc/examples/ex-cert-select-pkcs11.c +++ b/doc/examples/ex-cert-select-pkcs11.c @@ -63,7 +63,7 @@ pin_callback (void *user, int attempt, const char *token_url, exit (1); } - len = MIN (pin_max, strlen (password)); + len = 1 + MIN (pin_max, strlen (password)); memcpy (pin, password, len); pin[len] = 0; diff --git a/src/common.c b/src/common.c index cdbb25219a..d4331f8428 100644 --- a/src/common.c +++ b/src/common.c @@ -1045,12 +1045,19 @@ pin_callback (void *user, int attempt, const char *token_url, exit (1); } - len = MIN (pin_max, strlen (password)); + len = 1 + MIN (pin_max, strlen (password)); memcpy (pin, password, len); pin[len] = 0; /* cache */ - strcpy (cached_pin, pin); + if (len < sizeof(cached_pin)) + { + memcpy (cached_pin, pin, len); + cached_pin[len] = 0; + } + else + cached_pin[0] = 0; + free (cached_url); if (token_url) cached_url = strdup (token_url); diff --git a/src/psk.c b/src/psk.c index beb872c3f3..51bba1c086 100644 --- a/src/psk.c +++ b/src/psk.c @@ -204,13 +204,13 @@ write_key (const char *username, const char *key, int key_size, FILE *fd2; int put; - if (strlen (passwd_file) > sizeof (tmpname) + 5) + if (strlen (passwd_file) + 5 > sizeof (tmpname)) { fprintf (stderr, "file '%s' is tooooo long\n", passwd_file); return -1; } - strcpy (tmpname, passwd_file); - strcat (tmpname, ".tmp"); + + snprintf (tmpname, sizeof(tmpname), "%s.tmp", passwd_file); if (stat (tmpname, &st) != -1) { diff --git a/src/srptool.c b/src/srptool.c index f50264cc91..5fcd17eaab 100644 --- a/src/srptool.c +++ b/src/srptool.c @@ -602,13 +602,13 @@ crypt_int (const char *username, const char *passwd, int salt_size, FILE *fd2; int put; - if (strlen (tpasswd) > sizeof (tmpname) + 5) + if (strlen (tpasswd) + 5 > sizeof (tmpname)) { fprintf (stderr, "file '%s' is tooooo long\n", tpasswd); return -1; } - strcpy (tmpname, tpasswd); - strcat (tmpname, ".tmp"); + + snprintf(tmpname, sizeof(tmpname), "%s.tmp", tpasswd); if (stat (tmpname, &st) != -1) {