projects
/
tinc
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
|
inline
| side by side (from parent 1:
76955a6
)
Fix possible read of freed memory when verifying the signature of a file.
author
Guus Sliepen
<guus@tinc-vpn.org>
Sat, 23 Apr 2016 15:28:30 +0000
(17:28 +0200)
committer
Guus Sliepen
<guus@tinc-vpn.org>
Sat, 23 Apr 2016 15:28:30 +0000
(17:28 +0200)
src/tincctl.c
patch
|
blob
|
history
diff --git
a/src/tincctl.c
b/src/tincctl.c
index
f41e030
..
e42ec2c
100644
(file)
--- a/
src/tincctl.c
+++ b/
src/tincctl.c
@@
-2517,6
+2517,7
@@
static int cmd_verify(int argc, char *argv[]) {
}
*newline++ = '\0';
}
*newline++ = '\0';
+ size_t skip = newline - data;
char signer[MAX_STRING_SIZE] = "";
char sig[MAX_STRING_SIZE] = "";
char signer[MAX_STRING_SIZE] = "";
char sig[MAX_STRING_SIZE] = "";
@@
-2543,6
+2544,8
@@
static int cmd_verify(int argc, char *argv[]) {
memcpy(data + len, trailer, trailer_len);
free(trailer);
memcpy(data + len, trailer, trailer_len);
free(trailer);
+ newline = data + skip;
+
char fname[PATH_MAX];
snprintf(fname, sizeof fname, "%s" SLASH "hosts" SLASH "%s", confbase, node);
FILE *fp = fopen(fname, "r");
char fname[PATH_MAX];
snprintf(fname, sizeof fname, "%s" SLASH "hosts" SLASH "%s", confbase, node);
FILE *fp = fopen(fname, "r");
projects / tinc / commitdiff