CACKey
Check-in [ce07b4406e]
Login
HomeDownloadsSource CodeWiki
Overview
Comment:Fix dereferencing of cackey_pin_command when it is NULL and ensure printed buffers are truncated
Downloads: Tarball | ZIP archive | SQL archive
Timelines: family | ancestors | descendants | both | trunk
Files: files | file ages | folders
SHA1:ce07b4406ed341c3455db5edc8b66bd0cb377fe5
User & Date: rkeene on 2019-01-30 17:23:52
Other Links: manifest | tags
Context
2019-01-30
17:24
Only display extended key usage if it is present in the certificate check-in: 731ccabde6 user: rkeene tags: trunk
17:23
Fix dereferencing of cackey_pin_command when it is NULL and ensure printed buffers are truncated check-in: ce07b4406e user: rkeene tags: trunk
17:21
Use patched version of libpcsc check-in: 4aa7799e7f user: rkeene tags: trunk
Changes
Hide Diffs Side-by-Side Diffs Show Whitespace Changes Patch

Modified cackey.c from [911e072212] to [50819dda69]. 

   224    224   	unsigned long idx; \
   225    225   	int snprintf_ret; \
   226    226   	TMPBUF = (unsigned char *) (x); \
   227    227   	buf_user[0] = 0; \
   228    228   	buf_user[2] = 0; \
   229    229   	buf_user_p = buf_user; \
   230    230   	buf_user_size = sizeof(buf_user); \
   231         -	for (idx = 0; idx < (y); idx++) { \
          231  +	for (idx = 0; idx < MIN((y), sizeof(buf_user)); idx++) { \
   232    232   		if (buf_user_size <= 0) { \
   233    233   			break; \
   234    234   		}; \
   235    235   		snprintf_ret = snprintf(buf_user_p, buf_user_size, ", %02x", TMPBUF[idx]); \
   236    236   		if (snprintf_ret <= 0) { \
   237    237   			break; \
   238    238   		}; \
................................................................................
  4700   4700   		cackey_pin_command = strdup(getenv("CACKEY_PIN_COMMAND"));
  4701   4701   	}
  4702   4702   
  4703   4703   	if (getenv("CACKEY_PIN_COMMAND_XONLY") != NULL && getenv("DISPLAY") != NULL) {
  4704   4704   		cackey_pin_command = strdup(getenv("CACKEY_PIN_COMMAND_XONLY"));
  4705   4705   	}
  4706   4706   
  4707         -	if (strcmp(cackey_pin_command, "") == 0) {
         4707  +	if (cackey_pin_command && strcmp(cackey_pin_command, "") == 0) {
  4708   4708   		free(cackey_pin_command);
  4709   4709   		cackey_pin_command = NULL;
  4710   4710   	}
  4711   4711   
  4712   4712   #ifdef CACKEY_READERS_INCLUDE_ONLY_DEFAULT
  4713   4713   	cackey_readers_include_only = strdup(CACKEY_MACRO_DEFAULT_XSTR(CACKEY_READERS_INCLUDE_ONLY_DEFAULT));
  4714   4714   #endif

Powered by Fossil · RSS