fixed potential string overflow
This commit is contained in:
parent
3f64d3a805
commit
6641cbf455
|
@ -25,6 +25,7 @@
|
||||||
#include <stdio.h>
|
#include <stdio.h>
|
||||||
|
|
||||||
#include "common/compat_strlcpy.h"
|
#include "common/compat_strlcpy.h"
|
||||||
|
#include "common/compat_strlcat.h"
|
||||||
#include "internal.h"
|
#include "internal.h"
|
||||||
#include "pkcs15.h"
|
#include "pkcs15.h"
|
||||||
#include "cardctl.h"
|
#include "cardctl.h"
|
||||||
|
@ -261,7 +262,8 @@ static char *dirpath(char *dir, const char *path){
|
||||||
static char buf[SC_MAX_PATH_STRING_SIZE];
|
static char buf[SC_MAX_PATH_STRING_SIZE];
|
||||||
|
|
||||||
strcpy(buf,dir);
|
strcpy(buf,dir);
|
||||||
return strcat(buf,path);
|
strlcat(buf,path,sizeof buf);
|
||||||
|
return buf;
|
||||||
}
|
}
|
||||||
|
|
||||||
static int detect_netkey(
|
static int detect_netkey(
|
||||||
|
|
|
@ -28,6 +28,7 @@
|
||||||
|
|
||||||
#include "libopensc/pkcs15.h"
|
#include "libopensc/pkcs15.h"
|
||||||
#include "common/compat_strlcpy.h"
|
#include "common/compat_strlcpy.h"
|
||||||
|
#include "common/compat_strlcat.h"
|
||||||
#include "util.h"
|
#include "util.h"
|
||||||
|
|
||||||
static const char *app_name = "cryptoflex-tool";
|
static const char *app_name = "cryptoflex-tool";
|
||||||
|
@ -145,7 +146,7 @@ static int select_app_df(void)
|
||||||
|
|
||||||
strcpy(str, "3F00");
|
strcpy(str, "3F00");
|
||||||
if (opt_appdf != NULL)
|
if (opt_appdf != NULL)
|
||||||
strcat(str, opt_appdf);
|
strlcat(str, opt_appdf, sizeof str);
|
||||||
sc_format_path(str, &path);
|
sc_format_path(str, &path);
|
||||||
r = sc_select_file(card, &path, &file);
|
r = sc_select_file(card, &path, &file);
|
||||||
if (r) {
|
if (r) {
|
||||||
|
@ -945,7 +946,7 @@ static int create_pin(void)
|
||||||
}
|
}
|
||||||
strcpy(buf, "3F00");
|
strcpy(buf, "3F00");
|
||||||
if (opt_appdf != NULL)
|
if (opt_appdf != NULL)
|
||||||
strcat(buf, opt_appdf);
|
strlcat(buf, opt_appdf, sizeof buf);
|
||||||
sc_format_path(buf, &path);
|
sc_format_path(buf, &path);
|
||||||
|
|
||||||
return create_pin_file(&path, opt_pin_num, "");
|
return create_pin_file(&path, opt_pin_num, "");
|
||||||
|
|
|
@ -47,6 +47,8 @@
|
||||||
#include "pkcs11/pkcs11.h"
|
#include "pkcs11/pkcs11.h"
|
||||||
#include "pkcs11/pkcs11-opensc.h"
|
#include "pkcs11/pkcs11-opensc.h"
|
||||||
#include "libopensc/asn1.h"
|
#include "libopensc/asn1.h"
|
||||||
|
#include "common/compat_strlcat.h"
|
||||||
|
#include "common/compat_strlcpy.h"
|
||||||
#include "util.h"
|
#include "util.h"
|
||||||
|
|
||||||
extern void *C_LoadModule(const char *name, CK_FUNCTION_LIST_PTR_PTR);
|
extern void *C_LoadModule(const char *name, CK_FUNCTION_LIST_PTR_PTR);
|
||||||
|
@ -1145,7 +1147,7 @@ static void init_token(CK_SLOT_ID slot)
|
||||||
util_fatal("No PIN entered, exiting\n");
|
util_fatal("No PIN entered, exiting\n");
|
||||||
if (!new_pin || !*new_pin || strlen(new_pin) > 20)
|
if (!new_pin || !*new_pin || strlen(new_pin) > 20)
|
||||||
util_fatal("Invalid SO PIN\n");
|
util_fatal("Invalid SO PIN\n");
|
||||||
strcpy(new_buf, new_pin);
|
strlcpy(new_buf, new_pin, sizeof new_buf);
|
||||||
free(new_pin); new_pin = NULL;
|
free(new_pin); new_pin = NULL;
|
||||||
printf("Please enter the new SO PIN (again): ");
|
printf("Please enter the new SO PIN (again): ");
|
||||||
r = util_getpass(&new_pin, &len, stdin);
|
r = util_getpass(&new_pin, &len, stdin);
|
||||||
|
@ -1318,7 +1320,7 @@ static int unlock_pin(CK_SLOT_ID slot, CK_SESSION_HANDLE sess, int login_type)
|
||||||
r = util_getpass(&new_pin, &len, stdin);
|
r = util_getpass(&new_pin, &len, stdin);
|
||||||
if (r < 0)
|
if (r < 0)
|
||||||
return 1;
|
return 1;
|
||||||
strcpy(new_buf, new_pin);
|
strlcpy(new_buf, new_pin, sizeof new_buf);
|
||||||
|
|
||||||
printf("Please enter the new PIN again: ");
|
printf("Please enter the new PIN again: ");
|
||||||
r = util_getpass(&new_pin, &len, stdin);
|
r = util_getpass(&new_pin, &len, stdin);
|
||||||
|
@ -4434,8 +4436,8 @@ static const char *p11_flag_names(struct flag_info *list, CK_FLAGS value)
|
||||||
buffer[0] = '\0';
|
buffer[0] = '\0';
|
||||||
while (list->value) {
|
while (list->value) {
|
||||||
if (list->value & value) {
|
if (list->value & value) {
|
||||||
strcat(buffer, sepa);
|
strlcat(buffer, sepa, sizeof buffer);
|
||||||
strcat(buffer, list->name);
|
strlcat(buffer, list->name, sizeof buffer);
|
||||||
value &= ~list->value;
|
value &= ~list->value;
|
||||||
sepa = ", ";
|
sepa = ", ";
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in New Issue