authorNikos Mavrogiannopoulos <nmav@gnutls.org>2013-10-09 21:46:42 +0200
committerNikos Mavrogiannopoulos <nmav@gnutls.org>2013-10-09 21:46:44 +0200
commitdaad5b9ba054e17d8bcfb0b8c76d67dc19c64e0e (patch)
tree776eca9d38a23456756b39fc7c4e1fb10996d88e /src
parentc02b6c61959c25c685442b56e1337c09437a3d11 (diff)
Corrected possible buffer overruns in included programs and examples.
Corrected possible buffer overruns in included programs and examples. Reported by Pedro Ribeiro <pedrib@gmail.com>.
Diffstat (limited to 'src')
-rw-r--r--src/common.c11
-rw-r--r--src/psk.c6
-rw-r--r--src/srptool.c6
3 files changed, 15 insertions, 8 deletions
diff --git a/src/common.c b/src/common.c
index cdbb25219a..d4331f8428 100644
--- a/src/common.c
+++ b/src/common.c
@@ -1045,12 +1045,19 @@ pin_callback (void *user, int attempt, const char *token_url,
exit (1);
}
- len = MIN (pin_max, strlen (password));
+ len = 1 + MIN (pin_max, strlen (password));
memcpy (pin, password, len);
pin[len] = 0;
/* cache */
- strcpy (cached_pin, pin);
+ if (len < sizeof(cached_pin))
+ {
+ memcpy (cached_pin, pin, len);
+ cached_pin[len] = 0;
+ }
+ else
+ cached_pin[0] = 0;
+
free (cached_url);
if (token_url)
cached_url = strdup (token_url);
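Review bot: The added `1 +` enlarges the copy into `pin` instead of bounding it: with `len = 1 + MIN (pin_max, strlen (password))`, `memcpy (pin, password, len)` can write `pin_max + 1` bytes, and `pin[len] = 0` then stores one index further. If `pin_max` is the capacity of `pin` (its declaration is outside the hunk, so confirm), the terminator store passes the end of the buffer once the password has `pin_max - 1` characters, and the `memcpy` does too at `pin_max` or more. Reserving the terminator's byte keeps both writes in bounds: `len = MIN (pin_max - 1, strlen (password));`, with `pin_max == 0` rejected beforehand. The `cached_pin` branch is bounded by `len < sizeof(cached_pin)`, which holds only if `cached_pin` is an array rather than a pointer; that declaration is also outside the hunk.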
diff --git a/src/psk.c b/src/psk.c
index beb872c3f3..51bba1c086 100644
--- a/src/psk.c
+++ b/src/psk.c
@@ -204,13 +204,13 @@ write_key (const char *username, const char *key, int key_size,
FILE *fd2;
int put;
- if (strlen (passwd_file) > sizeof (tmpname) + 5)
+ if (strlen (passwd_file) + 5 > sizeof (tmpname))
{
fprintf (stderr, "file '%s' is tooooo long\n", passwd_file);
return -1;
}
- strcpy (tmpname, passwd_file);
- strcat (tmpname, ".tmp");
+
+ snprintf (tmpname, sizeof(tmpname), "%s.tmp", passwd_file);
if (stat (tmpname, &st) != -1)
{
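Review bot: The `5` in `strlen (passwd_file) + 5 > sizeof (tmpname)` silently encodes the length of ".tmp" plus the terminator, and the `snprintf` result is not checked, so the guard and the format string can drift apart unnoticed. Letting the formatting call be the check keeps them in step: `n = snprintf (tmpname, sizeof (tmpname), "%s.tmp", passwd_file);` followed by `if (n < 0 || (size_t) n >= sizeof (tmpname))` on the existing error path, with `int n` declared alongside `put`. The same pattern appears in the `crypt_int` hunk of src/srptool.c. Separately, `stat (tmpname, &st)` tests for a predictable name before the file is used; the code that creates it is outside the hunk, so confirm it creates the file exclusively (for example `open` with `O_CREAT | O_EXCL`) rather than relying on that earlier check.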
diff --git a/src/srptool.c b/src/srptool.c
index f50264cc91..5fcd17eaab 100644
--- a/src/srptool.c
+++ b/src/srptool.c
@@ -602,13 +602,13 @@ crypt_int (const char *username, const char *passwd, int salt_size,
FILE *fd2;
int put;
- if (strlen (tpasswd) > sizeof (tmpname) + 5)
+ if (strlen (tpasswd) + 5 > sizeof (tmpname))
{
fprintf (stderr, "file '%s' is tooooo long\n", tpasswd);
return -1;
}
- strcpy (tmpname, tpasswd);
- strcat (tmpname, ".tmp");
+
+ snprintf(tmpname, sizeof(tmpname), "%s.tmp", tpasswd);
if (stat (tmpname, &st) != -1)
{