diff options
author | Daiki Ueno <ueno@gnu.org> | 2020-11-02 13:50:27 +0000 |
---|---|---|
committer | Daiki Ueno <ueno@gnu.org> | 2020-11-02 13:50:27 +0000 |
commit | 4511d0cebd3b37d7878139fd9c6e2fda68707169 (patch) | |
tree | 8c95827db178738d28171e653e2b97929f0e68fe | |
parent | a1583a12e7f4728c315a2ef99ded8200e25b4884 (diff) | |
parent | 9728b396db737987bbd3a1d1e4a17449b6b928fc (diff) | |
download | gnutls-4511d0cebd3b37d7878139fd9c6e2fda68707169.tar.gz |
Merge branch 'wip/dueno/psktool-realloc' into 'master'
psktool: Fix hex-encoding logic of username
See merge request gnutls/gnutls!1349
-rw-r--r-- | src/psk.c | 15 | ||||
-rwxr-xr-x | tests/psktool.sh | 32 |
2 files changed, 41 insertions, 6 deletions
@@ -58,6 +58,7 @@ int main(int argc, char **argv) #include <minmax.h> #include "close-stream.h" #include "getpass.h" +#include "xsize.h" static int write_key(const char *username, const unsigned char *key, size_t key_size, @@ -217,6 +218,7 @@ write_key(const char *username, const unsigned char *key, size_t key_size, /* encode username if it contains special characters */ if (strcspn(username, ":\n") != strlen(username)) { char *new_data; + size_t new_size; tmp.data = (void *)username; tmp.size = strlen(username); @@ -229,16 +231,21 @@ write_key(const char *username, const unsigned char *key, size_t key_size, } /* prepend '#' */ - new_data = gnutls_realloc(_username.data, _username.size + 2); + new_size = xsum(_username.size, 2); + if (size_overflow_p(new_size)) { + ret = -1; + goto out; + } + new_data = gnutls_realloc(_username.data, new_size); if (!new_data) { ret = -1; goto out; } - memmove(_username.data + 1, _username.data, _username.size); + memmove(new_data + 1, new_data, _username.size); new_data[0] = '#'; - new_data[_username.size] = '\0'; + new_data[_username.size + 1] = '\0'; _username.data = (void *)new_data; - _username.size += 1; + _username.size = new_size - 1; } else { _username.data = (void *)strdup(username); _username.size = strlen(username); diff --git a/tests/psktool.sh b/tests/psktool.sh index 9e81d01718..9d0e081296 100755 --- a/tests/psktool.sh +++ b/tests/psktool.sh @@ -41,7 +41,7 @@ fi echo "Checking PSK tool basic operations" # echo create a user and check whether a key is available -"${PSKTOOL}" -p ${TMPFILE} -u test +${VALGRIND} "${PSKTOOL}" -p ${TMPFILE} -u test if test $? != 0;then echo "password generation failed..." exit 1 @@ -63,7 +63,7 @@ fi # Create second user and check whether both exist -"${PSKTOOL}" -p ${TMPFILE} -u user2 +${VALGRIND} "${PSKTOOL}" -p ${TMPFILE} -u user2 if test $? != 0;then echo "password generation failed..." exit 1 @@ -81,6 +81,34 @@ if test $? != 0;then exit 1 fi +# Create third user with a special character in username + +${VALGRIND} "${PSKTOOL}" -p ${TMPFILE} -u user:3 +if test $? != 0;then + echo "password generation failed..." + exit 1 +fi + +grep '#757365723a33:' ${TMPFILE} >/dev/null 2>&1 +if test $? != 0;then + echo "could not find third generated user..." + exit 1 +fi + +# Modify the third user password + +${VALGRIND} "${PSKTOOL}" -p ${TMPFILE} -u user:3 +if test $? != 0;then + echo "password generation failed..." + exit 1 +fi + +matches=`grep '#757365723a33:' ${TMPFILE} 2>/dev/null | wc -l` +if test $matches != 1;then + echo "duplicate entry for third generated user..." + exit 1 +fi + rm -f $TMPFILE exit 0 |