Commit 0c84b674 authored by Cody Cutler's avatar Cody Cutler Committed by Mike Hibler

Fix buffer overflow in secure state verification

Now let's not worry about who put it there; the important part is that
it is fixed.
(cherry picked from commit 0c9cb66d262568f076a0ec1806e5edc56c6e38a5)
parent e16f4a1f
......@@ -5197,7 +5197,7 @@ COMMAND_PROTOTYPE(dosecurestate)
char quote[1024];
char pcomp[1024];
unsigned char quote_bin[256];
unsigned char pcomp_bin[128];
unsigned char pcomp_bin[512];
ssize_t pcomplen, quotelen;
int quote_passed;
char result[16];
......@@ -5256,6 +5256,13 @@ COMMAND_PROTOTYPE(dosecurestate)
return 1;
}
pcomplen = strlen(pcomp)/2;
if (pcomplen > sizeof(pcomp_bin)) {
error("SECURESTATE: %s: pcomp is too big (%zd)\n",
reqp->nodeid, pcomplen);
return 1;
}
for (i = 0; i < pcomplen; i++) {
if (!ishex(pcomp[i * 2]) || !ishex(pcomp[i * 2 + 1])) {
error("Error parsing pcomp\n");
......
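Review bot: The same overflow may still exist for `quote_bin`, and nothing in these hunks addresses it: the first hunk leaves `char quote[1024]` beside `unsigned char quote_bin[256]`, so a full-length hex string would decode to more bytes than that buffer holds. The quote decode loop is outside the visible hunks, so please confirm it has a matching guard; if not, add `if (quotelen > sizeof(quote_bin))` with the same error-and-return right after `quotelen` is computed. In the new check, `pcomplen` is an `ssize_t` compared against a `size_t`; writing `(size_t)pcomplen > sizeof(pcomp_bin)` makes the conversion explicit and avoids a sign-compare warning. A short comment above the check, such as `/* two hex chars per output byte; reject before decoding into pcomp_bin */`, would record why the bound is on `strlen(pcomp)/2`. The body of `dosecurestate` starts and ends outside these hunks.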