Commit 0c84b674 authored by Cody Cutler's avatar Cody Cutler Committed by Mike Hibler

Fix buffer overflow in secure state verification

Now let's not worry about who put it there; the important part is that
it is fixed.
(cherry picked from commit 0c9cb66d262568f076a0ec1806e5edc56c6e38a5)
parent e16f4a1f
......@@ -5197,7 +5197,7 @@ COMMAND_PROTOTYPE(dosecurestate)
char quote[1024];
char pcomp[1024];
unsigned char quote_bin[256];
unsigned char pcomp_bin[128];
unsigned char pcomp_bin[512];
ssize_t pcomplen, quotelen;
int quote_passed;
char result[16];
......@@ -5256,6 +5256,13 @@ COMMAND_PROTOTYPE(dosecurestate)
return 1;
}
pcomplen = strlen(pcomp)/2;
if (pcomplen > sizeof(pcomp_bin)) {
error("SECURESTATE: %s: pcomp is too big (%zd)\n",
reqp->nodeid, pcomplen);
return 1;
}
for (i = 0; i < pcomplen; i++) {
if (!ishex(pcomp[i * 2]) || !ishex(pcomp[i * 2 + 1])) {
error("Error parsing pcomp\n");
......
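Review bot: `unsigned char quote_bin[256]` in the first hunk still sits beside `char quote[1024]`, the same size mismatch this commit fixes for pcomp, since up to 1023 hex characters decode to 511 bytes. The quote decoding is outside the visible hunks, so this is inferred: if it fills `quote_bin` from `quotelen = strlen(quote)/2` without a bound, it needs the same guard, e.g. `if (quotelen > sizeof(quote_bin)) { error("SECURESTATE: %s: quote is too big (%zd)\n", reqp->nodeid, quotelen); return 1; }`. Declaring the decoded buffers as `unsigned char pcomp_bin[sizeof(pcomp) / 2];` (and likewise for quote) would tie each pair of sizes together, so a later change to one cannot reopen the overflow. The new check compares an `ssize_t` with a `size_t`; that is safe here because `pcomplen` comes from `strlen()/2`, but writing `(size_t)pcomplen > sizeof(pcomp_bin)` makes the intent explicit and avoids a sign-compare warning. The body of dosecurestate starts and ends outside the hunks.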