diff options
author | Denis Pynkin <denis.pynkin@collabora.com> | 2020-06-17 16:28:32 +0300 |
---|---|---|
committer | Denis Pynkin <denis.pynkin@collabora.com> | 2020-06-17 19:44:56 +0300 |
commit | ce73876389a062dbf169e4231f507200b05ee41b (patch) | |
tree | 13dd31bef92605e18dc79002b042e4054bcb2add | |
parent | b2dde24f00699822c27b4ab453a4340ddc3c2245 (diff) | |
download | ostree-ce73876389a062dbf169e4231f507200b05ee41b.tar.gz |
sign/ed25519: fix the abort in case of incorrect public key
We need to check the size of public key before trying to use it.
Signed-off-by: Denis Pynkin <denis.pynkin@collabora.com>
-rw-r--r-- | src/libostree/ostree-sign-ed25519.c | 12 |
1 files changed, 6 insertions, 6 deletions
diff --git a/src/libostree/ostree-sign-ed25519.c b/src/libostree/ostree-sign-ed25519.c index 05fbe5eb..0aaad189 100644 --- a/src/libostree/ostree-sign-ed25519.c +++ b/src/libostree/ostree-sign-ed25519.c @@ -415,12 +415,12 @@ gboolean ostree_sign_ed25519_add_pk (OstreeSign *self, return glnx_throw (error, "Unknown ed25519 public key type"); } - g_autofree char *hex = g_malloc0 (crypto_sign_PUBLICKEYBYTES*2 + 1); - g_debug ("Read ed25519 public key = %s", sodium_bin2hex (hex, crypto_sign_PUBLICKEYBYTES*2+1, key, n_elements)); - if (n_elements != crypto_sign_PUBLICKEYBYTES) return glnx_throw (error, "Incorrect ed25519 public key"); + g_autofree char *hex = g_malloc0 (crypto_sign_PUBLICKEYBYTES*2 + 1); + g_debug ("Read ed25519 public key = %s", sodium_bin2hex (hex, crypto_sign_PUBLICKEYBYTES*2+1, key, n_elements)); + if (g_list_find_custom (sign->public_keys, key, _compare_ed25519_keys) == NULL) { gpointer newkey = g_memdup (key, n_elements); @@ -449,14 +449,14 @@ _ed25519_add_revoked (OstreeSign *self, gsize n_elements = 0; gpointer key = g_base64_decode (rk_ascii, &n_elements); - g_autofree char * hex = g_malloc0 (crypto_sign_PUBLICKEYBYTES*2 + 1); - g_debug ("Read ed25519 revoked key = %s", sodium_bin2hex (hex, crypto_sign_PUBLICKEYBYTES*2+1, key, n_elements)); - if (n_elements != crypto_sign_PUBLICKEYBYTES) { return glnx_throw (error, "Incorrect ed25519 revoked key"); } + g_autofree char * hex = g_malloc0 (crypto_sign_PUBLICKEYBYTES*2 + 1); + g_debug ("Read ed25519 revoked key = %s", sodium_bin2hex (hex, crypto_sign_PUBLICKEYBYTES*2+1, key, n_elements)); + if (g_list_find_custom (sign->revoked_keys, key, _compare_ed25519_keys) == NULL) { gpointer newkey = g_memdup (key, n_elements); |