j3d1/tinc
1
0
Fork 0
Code Issues 1 Pull requests Releases Wiki Activity

Fix possible read of freed memory when verifying the signature of a file.

Browse source
This commit is contained in:
Guus Sliepen 2016-04-23 17:28:30 +02:00
parent 76955a6c8b
commit ab5f4cbdc6
1 changed files with 3 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

3
src/tincctl.c
View file

@ -2517,6 +2517,7 @@ static int cmd_verify(int argc, char *argv[]) {
} }
*newline++ = '\0'; *newline++ = '\0';
size_t skip = newline - data;
char signer[MAX_STRING_SIZE] = ""; char signer[MAX_STRING_SIZE] = "";
char sig[MAX_STRING_SIZE] = ""; char sig[MAX_STRING_SIZE] = "";
@ -2543,6 +2544,8 @@ static int cmd_verify(int argc, char *argv[]) {
memcpy(data + len, trailer, trailer_len); memcpy(data + len, trailer, trailer_len);
free(trailer); free(trailer);
newline = data + skip;
char fname[PATH_MAX]; char fname[PATH_MAX];
snprintf(fname, sizeof fname, "%s" SLASH "hosts" SLASH "%s", confbase, node); snprintf(fname, sizeof fname, "%s" SLASH "hosts" SLASH "%s", confbase, node);
FILE *fp = fopen(fname, "r"); FILE *fp = fopen(fname, "r");