projects / oweals / ucert.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
harden reading fingerprint from usign process
[oweals/ucert.git] / usign-exec.c
diff --git a/usign-exec.c b/usign-exec.c
index 70319fa5809ee436511bfb14296ea1e7c0009146..2ab2cd3c434bee4f5f8110feaa3feabab4591c82 100644 (file)
--- a/usign-exec.c
+++ b/usign-exec.c
@@ -20,6 +20,8 @@
 
 #include "usign.h"
 
 
 #include "usign.h"
 
+#define USIGN_EXEC "/usr/bin/usign"
+
 /*
  * check for revoker deadlink in pubkeydir
  * return true if a revoker exists, false otherwise
 /*
  * check for revoker deadlink in pubkeydir
  * return true if a revoker exists, false otherwise
@@ -48,7 +50,7 @@ int usign_s(const char *msgfile, const char *seckeyfile, const char *sigfile, bo
        const char *usign_argv[16] = {0};
        unsigned int usign_argc = 0;
 
        const char *usign_argv[16] = {0};
        unsigned int usign_argc = 0;
 
-       usign_argv[usign_argc++] = "/usr/bin/usign";
+       usign_argv[usign_argc++] = USIGN_EXEC;
        usign_argv[usign_argc++] = "-S";
        usign_argv[usign_argc++] = "-m";
        usign_argv[usign_argc++] = msgfile;
        usign_argv[usign_argc++] = "-S";
        usign_argv[usign_argc++] = "-m";
        usign_argv[usign_argc++] = msgfile;
@@ -98,7 +100,7 @@ static int usign_f(char *fingerprint, const char *pubkeyfile, const char *seckey
        if (pipe(fds))
                return -1;
 
        if (pipe(fds))
                return -1;
 
-       usign_argv[usign_argc++] = "/usr/bin/usign";
+       usign_argv[usign_argc++] = USIGN_EXEC;
        usign_argv[usign_argc++] = "-F";
 
        if (pubkeyfile) {
        usign_argv[usign_argc++] = "-F";
 
        if (pubkeyfile) {
@@ -136,14 +138,19 @@ static int usign_f(char *fingerprint, const char *pubkeyfile, const char *seckey
 
        default:
                waitpid(pid, &status, 0);
 
        default:
                waitpid(pid, &status, 0);
+               status = WEXITSTATUS(status);
                if (fingerprint && !WEXITSTATUS(status)) {
                if (fingerprint && !WEXITSTATUS(status)) {
-                       memset(fingerprint, 0, 16);
-                       read(fds[0], fingerprint, 16);
+                       memset(fingerprint, 0, 17);
+                       read(fds[0], fingerprint, 17);
+                       if (fingerprint[16] != '\n')
+                               status = -1;
+
                        fingerprint[16] = '\0';
                        fingerprint[16] = '\0';
+
                }
                close(fds[0]);
                close(fds[1]);
                }
                close(fds[0]);
                close(fds[1]);
-               return WEXITSTATUS(status);
+               return status;
        }
 
        return -1;
        }
 
        return -1;
@@ -194,7 +201,7 @@ int usign_v(const char *msgfile, const char *pubkeyfile,
                        fprintf(stdout, "key %s has been revoked!\n", fingerprint);
                return 1;
        }
                        fprintf(stdout, "key %s has been revoked!\n", fingerprint);
                return 1;
        }
-       usign_argv[usign_argc++] = "/usr/bin/usign";
+       usign_argv[usign_argc++] = USIGN_EXEC;
        usign_argv[usign_argc++] = "-V";
        usign_argv[usign_argc++] = "-m";
        usign_argv[usign_argc++] = msgfile;
        usign_argv[usign_argc++] = "-V";
        usign_argv[usign_argc++] = "-m";
        usign_argv[usign_argc++] = msgfile;
Unnamed repository; edit this file 'description' to name the repository.