Fix possible read of freed memory when verifying the signature of a file.

diff --git a/src/tincctl.c b/src/tincctl.c
index f41e0307b6abeed018ba207df1a8e81a79bef35d..e42ec2cc81ccebb72709dac737856c5bdb64cfb8 100644 (file)
--- a/src/tincctl.c
+++ b/src/tincctl.c
@@ -2517,6 +2517,7 @@ static int cmd_verify(int argc, char *argv[]) {
        }
 
        *newline++ = '\0';
+       size_t skip = newline - data;
 
        char signer[MAX_STRING_SIZE] = "";
        char sig[MAX_STRING_SIZE] = "";
@@ -2543,6 +2544,8 @@ static int cmd_verify(int argc, char *argv[]) {
        memcpy(data + len, trailer, trailer_len);
        free(trailer);
 
+       newline = data + skip;
+
        char fname[PATH_MAX];
        snprintf(fname, sizeof fname, "%s" SLASH "hosts" SLASH "%s", confbase, node);
        FILE *fp = fopen(fname, "r");