author | Nicola Tuveri <nicola.tuveri@ibm.com> | 2020-05-19 19:36:44 +0200 |
---|---|---|
committer | Nicola Tuveri <nic.tuv@gmail.com> | 2020-05-22 15:35:21 +0200 |
commit | 2de64666a07cccf8477e6483de62ae31f463df64 (patch) | |
tree | fbed08dcd12d6a7db9868b57643055701fd91df6 /providers/implementations/signature | |
parent | e12813d0d31f4f7be2ccc592d382ef3e94bdb842 (diff) | |
download | openssl-new-2de64666a07cccf8477e6483de62ae31f463df64.tar.gz |
Adjust length of some strncpy() calls
This fixes warnings detected by -Wstringop-truncation.
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/11878)
Diffstat (limited to 'providers/implementations/signature')
-rw-r--r-- | providers/implementations/signature/rsa.c | 34 |
1 files changed, 29 insertions, 5 deletions
diff --git a/providers/implementations/signature/rsa.c b/providers/implementations/signature/rsa.c
index 6f62c2b648..0e3885ec1d 100644
--- a/providers/implementations/signature/rsa.c
+++ b/providers/implementations/signature/rsa.c
@@ -227,17 +227,22 @@ static int rsa_setup_md(PROV_RSA_CTX *ctx, const char *mdname,
 EVP_MD *md = EVP_MD_fetch(ctx->libctx, mdname, mdprops);
 int md_nid = rsa_get_md_nid(md);
 WPACKET pkt;
+ size_t mdname_len = strlen(mdname);
 if (md == NULL
 || md_nid == NID_undef
 || !rsa_check_padding(md_nid, ctx->pad_mode)
- || !rsa_check_parameters(md, ctx)) {
+ || !rsa_check_parameters(md, ctx)
+ || mdname_len >= sizeof(ctx->mdname)) {
 if (md == NULL)
 ERR_raise_data(ERR_LIB_PROV, PROV_R_INVALID_DIGEST,
 "%s could not be fetched", mdname);
 if (md_nid == NID_undef)
 ERR_raise_data(ERR_LIB_PROV, PROV_R_DIGEST_NOT_ALLOWED,
 "digest=%s", mdname);
+ if (mdname_len >= sizeof(ctx->mdname))
+ ERR_raise_data(ERR_LIB_PROV, PROV_R_INVALID_DIGEST,
+ "%s exceeds name buffer length", mdname);
 EVP_MD_free(md);
 return 0;
 }
@@ -274,6 +279,8 @@ static int rsa_setup_md(PROV_RSA_CTX *ctx, const char *mdname,
 static int rsa_setup_mgf1_md(PROV_RSA_CTX *ctx, const char *mdname,
 const char *mdprops)
 {
+ size_t len;
+
 if (mdprops == NULL)
 mdprops = ctx->propq;
@@ -285,7 +292,12 @@ static int rsa_setup_mgf1_md(PROV_RSA_CTX *ctx, const char *mdname,
 "%s could not be fetched", mdname);
 return 0;
 }
- OPENSSL_strlcpy(ctx->mgf1_mdname, mdname, sizeof(ctx->mgf1_mdname));
+ len = OPENSSL_strlcpy(ctx->mgf1_mdname, mdname, sizeof(ctx->mgf1_mdname));
+ if (len >= sizeof(ctx->mgf1_mdname)) {
+ ERR_raise_data(ERR_LIB_PROV, PROV_R_INVALID_DIGEST,
+ "%s exceeds name buffer length", mdname);
+ return 0;
+ }
 return 1;
 }
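Review bot: In the rsa_setup_md hunk, `size_t mdname_len = strlen(mdname);` sits in the declaration block, so it dereferences `mdname` before any of the validation that follows. Nothing visible in the hunk establishes that callers never pass NULL; the caller contract lies outside it. If NULL is a possible input, compute the length only after a guard, for example `size_t mdname_len = mdname != NULL ? strlen(mdname) : 0;`, or add a comment on the function stating that `mdname` must be non-NULL. The function body continues outside the hunk.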
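Review bot: In the rsa_setup_mgf1_md hunk, `OPENSSL_strlcpy()` writes into `ctx->mgf1_mdname` before the length is checked, so the new failure path returns 0 with a truncated digest name already stored in the context. The fetched MGF1 digest is presumably also already stored, since the fetch happens above the hunk. The rsa_setup_md hunk avoids this by testing the length before the context is modified. Doing the same here, with `if (strlen(mdname) >= sizeof(ctx->mgf1_mdname))` raising the error and returning ahead of the fetch, would leave the context unchanged on failure. The same copy-then-check order appears twice in the rsa_signature_init hunk, for `prsactx->mdname` and `prsactx->mgf1_mdname`.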
@@ -321,6 +333,7 @@ static int rsa_signature_init(void *vprsactx, void *vrsa, int operation)
 int mgf1md_nid = rsa_pss_params_30_maskgenhashalg(pss);
 int min_saltlen = rsa_pss_params_30_saltlen(pss);
 const char *mdname, *mgf1mdname;
+ size_t len;
 mdname = rsa_oaeppss_nid2name(md_nid);
 mgf1mdname = rsa_oaeppss_nid2name(mgf1md_nid);
@@ -337,9 +350,20 @@ static int rsa_signature_init(void *vprsactx, void *vrsa, int operation)
 return 0;
 }
- strncpy(prsactx->mdname, mdname, sizeof(prsactx->mdname));
- strncpy(prsactx->mgf1_mdname, mgf1mdname,
- sizeof(prsactx->mgf1_mdname));
+ len = OPENSSL_strlcpy(prsactx->mdname, mdname,
+ sizeof(prsactx->mdname));
+ if (len >= sizeof(prsactx->mdname)) {
+ ERR_raise_data(ERR_LIB_PROV, PROV_R_INVALID_DIGEST,
+ "hash algorithm name too long");
+ return 0;
+ }
+ len = OPENSSL_strlcpy(prsactx->mgf1_mdname, mgf1mdname,
+ sizeof(prsactx->mgf1_mdname));
+ if (len >= sizeof(prsactx->mgf1_mdname)) {
+ ERR_raise_data(ERR_LIB_PROV, PROV_R_INVALID_DIGEST,
+ "MGF1 hash algorithm name too long");
+ return 0;
+ }
 prsactx->saltlen = min_saltlen;
 return rsa_setup_md(prsactx, mdname, prsactx->propq)
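Review bot: The two new error strings in rsa_signature_init, `"hash algorithm name too long"` and `"MGF1 hash algorithm name too long"`, omit the offending name. The other hunks of this commit report it with `"%s exceeds name buffer length", mdname`. Using the same format here, with `mdname` and `mgf1mdname` respectively, would make the error queue identify which name outgrew the buffer. Both names come from `rsa_oaeppss_nid2name()` in the previous hunk, so a short comment such as `/* names come from the internal NID table; overflow means the table and buffer size disagree */` would also tell a reader that this branch guards an internal invariant rather than caller input. The function body starts and ends outside the hunk.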