packaging
/
ostree
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

sign/ed25519: fix the abort in case of incorrect public key 

We need to check the size of public key before trying to use it.

Signed-off-by: Denis Pynkin <denis.pynkin@collabora.com>
This commit is contained in:
Denis Pynkin 2020-06-17 16:28:32 +03:00
parent b2dde24f00
commit ce73876389
1 changed files with 6 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
src/libostree/ostree-sign-ed25519.c
View File

@ -415,12 +415,12 @@ gboolean ostree_sign_ed25519_add_pk (OstreeSign *self,
return glnx_throw (error, "Unknown ed25519 public key type"); return glnx_throw (error, "Unknown ed25519 public key type");
} }
g_autofree char *hex = g_malloc0 (crypto_sign_PUBLICKEYBYTES*2 + 1);
g_debug ("Read ed25519 public key = %s", sodium_bin2hex (hex, crypto_sign_PUBLICKEYBYTES*2+1, key, n_elements));
if (n_elements != crypto_sign_PUBLICKEYBYTES) if (n_elements != crypto_sign_PUBLICKEYBYTES)
return glnx_throw (error, "Incorrect ed25519 public key"); return glnx_throw (error, "Incorrect ed25519 public key");
g_autofree char *hex = g_malloc0 (crypto_sign_PUBLICKEYBYTES*2 + 1);
g_debug ("Read ed25519 public key = %s", sodium_bin2hex (hex, crypto_sign_PUBLICKEYBYTES*2+1, key, n_elements));
if (g_list_find_custom (sign->public_keys, key, _compare_ed25519_keys) == NULL) if (g_list_find_custom (sign->public_keys, key, _compare_ed25519_keys) == NULL)
{ {
gpointer newkey = g_memdup (key, n_elements); gpointer newkey = g_memdup (key, n_elements);
@ -449,14 +449,14 @@ _ed25519_add_revoked (OstreeSign *self,
gsize n_elements = 0; gsize n_elements = 0;
gpointer key = g_base64_decode (rk_ascii, &n_elements); gpointer key = g_base64_decode (rk_ascii, &n_elements);
g_autofree char * hex = g_malloc0 (crypto_sign_PUBLICKEYBYTES*2 + 1);
g_debug ("Read ed25519 revoked key = %s", sodium_bin2hex (hex, crypto_sign_PUBLICKEYBYTES*2+1, key, n_elements));
if (n_elements != crypto_sign_PUBLICKEYBYTES) if (n_elements != crypto_sign_PUBLICKEYBYTES)
{ {
return glnx_throw (error, "Incorrect ed25519 revoked key"); return glnx_throw (error, "Incorrect ed25519 revoked key");
} }
g_autofree char * hex = g_malloc0 (crypto_sign_PUBLICKEYBYTES*2 + 1);
g_debug ("Read ed25519 revoked key = %s", sodium_bin2hex (hex, crypto_sign_PUBLICKEYBYTES*2+1, key, n_elements));
if (g_list_find_custom (sign->revoked_keys, key, _compare_ed25519_keys) == NULL) if (g_list_find_custom (sign->revoked_keys, key, _compare_ed25519_keys) == NULL)
{ {
gpointer newkey = g_memdup (key, n_elements); gpointer newkey = g_memdup (key, n_elements);