From a10ab1ace55aa70673c1f7d16324d582385476a1 Mon Sep 17 00:00:00 2001 From: Dave Pate Date: Mon, 21 Jan 2019 15:02:05 -0800 Subject: [PATCH] lib: correct zero memory defines, correct overflow checks in _write_certificate --- lib/internal.h | 7 +++++-- lib/util.c | 4 +++- 2 files changed, 8 insertions(+), 3 deletions(-) diff --git a/lib/internal.h b/lib/internal.h index 632052e..4f0dac7 100644 --- a/lib/internal.h +++ b/lib/internal.h @@ -240,9 +240,12 @@ void yc_log_event(uint32_t id, yc_log_level_t level, const char *sz_format, ...) #ifdef _WIN32 #include #define yc_memzero SecureZeroMemory -#elif __OPENBSD__ +#elif defined(BSD) #include -#define yc_memzero explicit_bzero; +#define yc_memzero explicit_bzero +#elif defined(__linux__) +#include +#define yc_memzero OPENSSL_cleanse #else #define __STDC_WANT_LIB_EXT1__ 1 #include diff --git a/lib/util.c b/lib/util.c index cc6da6f..11ce389 100644 --- a/lib/util.c +++ b/lib/util.c @@ -1399,8 +1399,10 @@ static ykpiv_rc _write_certificate(ykpiv_state *state, uint8_t slot, uint8_t *da // calculate the required length of the encoded object req_len = 1 /* cert tag */ + 3 /* compression tag + data*/ + 2 /* lrc */; req_len += _ykpiv_set_length(buf, data_len); + req_len += data_len; - if (req_len > _obj_size_max(state)) return YKPIV_SIZE_ERROR; + if (req_len < data_len) return YKPIV_SIZE_ERROR; /* detect overflow of unsigned size_t */ + if (req_len > _obj_size_max(state)) return YKPIV_SIZE_ERROR; /* obj_size_max includes limits for TLV encoding */ buf[offset++] = TAG_CERT; offset += _ykpiv_set_length(buf + offset, data_len);
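Review bot: The new `#elif defined(BSD)` test in lib/internal.h depends on a macro that is normally provided by `<sys/param.h>` rather than predefined by the compiler, and no include of that header is visible before this point in the hunk. If the macro is not defined here, BSD builds silently skip `explicit_bzero` and fall through to the `__linux__` or `#else` branch; if it is defined on a platform that lacks `explicit_bzero` (Apple systems define `BSD` through that header, as far as I know), the build breaks. Testing compiler-predefined macros for the targets known to ship the function would be more predictable, for example `#elif defined(__OpenBSD__) || defined(__FreeBSD__)`. The `#else` branch continues outside the hunk, so the zeroing fallback used when no branch matches cannot be checked from here.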
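Review bot: In `_write_certificate`, the wrap test `if (req_len < data_len)` runs only after `_ykpiv_set_length(buf, data_len)` has been called with the unchecked length and after the addition has been performed. Rejecting an oversized `data_len` before any arithmetic would be easier to reason about, e.g. `if (data_len > _obj_size_max(state)) return YKPIV_SIZE_ERROR;` placed ahead of the `req_len` computation. Assuming both variables are `size_t` as the comment implies, the post-addition test is valid, so this is about ordering and clarity rather than a bug in the visible lines. The writes that follow go into `buf`, whose declaration is outside the hunk, so it is worth confirming, and stating in a comment next to the check, that `_obj_size_max(state)` can never exceed the size of `buf`. The function body starts and ends outside the hunk.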