From d1cc3a0b80974ac34e417e9e582cb83906bb4ce7 Mon Sep 17 00:00:00 2001 From: Daniel Golle Date: Fri, 8 Jun 2018 18:16:00 +0200 Subject: [PATCH] harden reading fingerprint from usign process Signed-off-by: Daniel Golle This work was sponsored by WIO (wiowireless.com) --- usign-exec.c | 19 +++++++++++++------ 1 file changed, 13 insertions(+), 6 deletions(-) diff --git a/usign-exec.c b/usign-exec.c index 70319fa..2ab2cd3 100644 --- a/usign-exec.c +++ b/usign-exec.c @@ -20,6 +20,8 @@ #include "usign.h" +#define USIGN_EXEC "/usr/bin/usign" + /* * check for revoker deadlink in pubkeydir * return true if a revoker exists, false otherwise @@ -48,7 +50,7 @@ int usign_s(const char *msgfile, const char *seckeyfile, const char *sigfile, bo const char *usign_argv[16] = {0}; unsigned int usign_argc = 0; - usign_argv[usign_argc++] = "/usr/bin/usign"; + usign_argv[usign_argc++] = USIGN_EXEC; usign_argv[usign_argc++] = "-S"; usign_argv[usign_argc++] = "-m"; usign_argv[usign_argc++] = msgfile; @@ -98,7 +100,7 @@ static int usign_f(char *fingerprint, const char *pubkeyfile, const char *seckey if (pipe(fds)) return -1; - usign_argv[usign_argc++] = "/usr/bin/usign"; + usign_argv[usign_argc++] = USIGN_EXEC; usign_argv[usign_argc++] = "-F"; if (pubkeyfile) { @@ -136,14 +138,19 @@ static int usign_f(char *fingerprint, const char *pubkeyfile, const char *seckey default: waitpid(pid, &status, 0); + status = WEXITSTATUS(status); if (fingerprint && !WEXITSTATUS(status)) { - memset(fingerprint, 0, 16); - read(fds[0], fingerprint, 16); + memset(fingerprint, 0, 17); + read(fds[0], fingerprint, 17); + if (fingerprint[16] != '\n') + status = -1; + fingerprint[16] = '\0'; + } close(fds[0]); close(fds[1]); - return WEXITSTATUS(status); + return status; } return -1; @@ -194,7 +201,7 @@ int usign_v(const char *msgfile, const char *pubkeyfile, fprintf(stdout, "key %s has been revoked!\n", fingerprint); return 1; } - usign_argv[usign_argc++] = "/usr/bin/usign"; + usign_argv[usign_argc++] = USIGN_EXEC; usign_argv[usign_argc++] = "-V"; usign_argv[usign_argc++] = "-m"; usign_argv[usign_argc++] = msgfile; -- 2.25.1