lib: correct zero memory defines, correct overflow checks in _write_certificate

Dave Pate
2019-01-21 15:02:05 -08:00
committed by Klas Lindfors
parent c4dbf9d02c
commit a10ab1ace5
2 changed files with 8 additions and 3 deletions
+5 -2
@@ -240,9 +240,12 @@ void yc_log_event(uint32_t id, yc_log_level_t level, const char *sz_format, ...)
#ifdef _WIN32 #ifdef _WIN32
#include <windows.h> #include <windows.h>
#define yc_memzero SecureZeroMemory #define yc_memzero SecureZeroMemory
#elif __OPENBSD__ #elif defined(BSD)
#include <strings.h> #include <strings.h>
#define yc_memzero explicit_bzero; #define yc_memzero explicit_bzero
#elif defined(__linux__)
#include <openssl/crypto.h>
#define yc_memzero OPENSSL_cleanse
#else #else
#define __STDC_WANT_LIB_EXT1__ 1 #define __STDC_WANT_LIB_EXT1__ 1
#include <string.h> #include <string.h>
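Review bot: The `#elif defined(BSD)` test depends on `<sys/param.h>` having been included earlier, because `BSD` is defined by that header rather than predefined by the compiler; nothing in this hunk includes it, so on a BSD build the branch may be skipped silently and the `#else` fallback used instead. Where the header is in scope the test can also be too broad: macOS defines `BSD` there as well and, as far as I know, does not provide `explicit_bzero`. Testing compiler-predefined macros avoids both problems, e.g. `#elif defined(__OpenBSD__) || defined(__FreeBSD__)`. A one-line comment such as `/* yc_memzero must not be elided by the optimizer; each branch picks a wipe the platform guarantees */` would record why the selection matters. The `#else` branch continues outside the hunk.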
+3 -1
@@ -1399,8 +1399,10 @@ static ykpiv_rc _write_certificate(ykpiv_state *state, uint8_t slot, uint8_t *da
// calculate the required length of the encoded object // calculate the required length of the encoded object
req_len = 1 /* cert tag */ + 3 /* compression tag + data*/ + 2 /* lrc */; req_len = 1 /* cert tag */ + 3 /* compression tag + data*/ + 2 /* lrc */;
req_len += _ykpiv_set_length(buf, data_len); req_len += _ykpiv_set_length(buf, data_len);
req_len += data_len;
if (req_len > _obj_size_max(state)) return YKPIV_SIZE_ERROR; if (req_len < data_len) return YKPIV_SIZE_ERROR; /* detect overflow of unsigned size_t */
if (req_len > _obj_size_max(state)) return YKPIV_SIZE_ERROR; /* obj_size_max includes limits for TLV encoding */
buf[offset++] = TAG_CERT; buf[offset++] = TAG_CERT;
offset += _ykpiv_set_length(buf + offset, data_len); offset += _ykpiv_set_length(buf + offset, data_len);