From ce73876389a062dbf169e4231f507200b05ee41b Mon Sep 17 00:00:00 2001
From: Denis Pynkin
Date: Wed, 17 Jun 2020 16:28:32 +0300
Subject: [PATCH] sign/ed25519: fix the abort in case of incorrect public key
We need to check the size of public key before trying to use it.
Signed-off-by: Denis Pynkin
---
 src/libostree/ostree-sign-ed25519.c | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/src/libostree/ostree-sign-ed25519.c b/src/libostree/ostree-sign-ed25519.c
index 05fbe5eb..0aaad189 100644
--- a/src/libostree/ostree-sign-ed25519.c
+++ b/src/libostree/ostree-sign-ed25519.c
@@ -415,12 +415,12 @@ gboolean ostree_sign_ed25519_add_pk (OstreeSign *self,
 return glnx_throw (error, "Unknown ed25519 public key type");
 }
- g_autofree char *hex = g_malloc0 (crypto_sign_PUBLICKEYBYTES*2 + 1);
- g_debug ("Read ed25519 public key = %s", sodium_bin2hex (hex, crypto_sign_PUBLICKEYBYTES*2+1, key, n_elements));
-
 if (n_elements != crypto_sign_PUBLICKEYBYTES)
 return glnx_throw (error, "Incorrect ed25519 public key");
+ g_autofree char *hex = g_malloc0 (crypto_sign_PUBLICKEYBYTES*2 + 1);
+ g_debug ("Read ed25519 public key = %s", sodium_bin2hex (hex, crypto_sign_PUBLICKEYBYTES*2+1, key, n_elements));
+
 if (g_list_find_custom (sign->public_keys, key, _compare_ed25519_keys) == NULL)
 {
 gpointer newkey = g_memdup (key, n_elements);
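Review bot: The moved lines in `ostree_sign_ed25519_add_pk` now depend on an ordering rule that nothing in the code records. The `hex` buffer holds exactly `crypto_sign_PUBLICKEYBYTES*2 + 1` bytes, and `sodium_bin2hex` treats an output buffer too small for `n_elements` as API misuse and aborts, so the length check has to run before the debug line. A comment above `g_autofree char *hex`, such as `/* n_elements was validated above: sodium_bin2hex() aborts if hex is smaller than n_elements*2 + 1 */`, would stop a later refactor from moving the logging back up. The same comment fits the identical lines in the `_ed25519_add_revoked` hunk. The function starts and ends outside this hunk.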
@@ -449,14 +449,14 @@ _ed25519_add_revoked (OstreeSign *self,
 gsize n_elements = 0;
 gpointer key = g_base64_decode (rk_ascii, &n_elements);
- g_autofree char * hex = g_malloc0 (crypto_sign_PUBLICKEYBYTES*2 + 1);
- g_debug ("Read ed25519 revoked key = %s", sodium_bin2hex (hex, crypto_sign_PUBLICKEYBYTES*2+1, key, n_elements));
-
 if (n_elements != crypto_sign_PUBLICKEYBYTES)
 {
 return glnx_throw (error, "Incorrect ed25519 revoked key");
 }
+ g_autofree char * hex = g_malloc0 (crypto_sign_PUBLICKEYBYTES*2 + 1);
+ g_debug ("Read ed25519 revoked key = %s", sodium_bin2hex (hex, crypto_sign_PUBLICKEYBYTES*2+1, key, n_elements));
+
 if (g_list_find_custom (sign->revoked_keys, key, _compare_ed25519_keys) == NULL)
 {
 gpointer newkey = g_memdup (key, n_elements);
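Review bot: The buffer returned by `g_base64_decode` is held in a plain `gpointer key`, so the `return glnx_throw (error, "Incorrect ed25519 revoked key");` path returns without freeing it, and every rejected revocation entry leaks its decoded bytes. Declaring it as `g_autofree guchar *key = g_base64_decode (rk_ascii, &n_elements);` releases it on every exit, and the list still gets its own copy through `g_memdup`. `_ed25519_add_revoked` continues past the end of this hunk, so confirm that no later line frees `key` or stores the pointer directly before making the change.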