lib: correct zero memory defines, correct overflow checks in _write_certificate
+5
-2
@@ -240,9 +240,12 @@ void yc_log_event(uint32_t id, yc_log_level_t level, const char *sz_format, ...)
|
||||
#ifdef _WIN32
|
||||
#include <windows.h>
|
||||
#define yc_memzero SecureZeroMemory
|
||||
#elif __OPENBSD__
|
||||
#elif defined(BSD)
|
||||
#include <strings.h>
|
||||
#define yc_memzero explicit_bzero;
|
||||
#define yc_memzero explicit_bzero
|
||||
#elif defined(__linux__)
|
||||
#include <openssl/crypto.h>
|
||||
#define yc_memzero OPENSSL_cleanse
|
||||
#else
|
||||
#define __STDC_WANT_LIB_EXT1__ 1
|
||||
#include <string.h>
|
||||
|
||||
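Review bot: `#elif defined(BSD)` only matches if `<sys/param.h>` was included earlier in the file, because `BSD` is defined by that header and not by the compiler; nothing in this hunk includes it. If the header is absent, a BSD build silently falls through to the `#else` branch, whose body continues outside the hunk, and a different zeroing routine is selected without any diagnostic. If the header is present, macOS also defines `BSD` there and, as far as I know, does not provide `explicit_bzero`, so that build would fail instead. Testing compiler-predefined macros avoids both outcomes: `#elif defined(__OpenBSD__) || defined(__FreeBSD__)`. A short comment above the chain stating that `yc_memzero` must map to a wipe the optimizer cannot remove would also help whoever adds the next platform.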
+3
-1
@@ -1399,8 +1399,10 @@ static ykpiv_rc _write_certificate(ykpiv_state *state, uint8_t slot, uint8_t *da
|
||||
// calculate the required length of the encoded object
|
||||
req_len = 1 /* cert tag */ + 3 /* compression tag + data*/ + 2 /* lrc */;
|
||||
req_len += _ykpiv_set_length(buf, data_len);
|
||||
req_len += data_len;
|
||||
|
||||
if (req_len > _obj_size_max(state)) return YKPIV_SIZE_ERROR;
|
||||
if (req_len < data_len) return YKPIV_SIZE_ERROR; /* detect overflow of unsigned size_t */
|
||||
if (req_len > _obj_size_max(state)) return YKPIV_SIZE_ERROR; /* obj_size_max includes limits for TLV encoding */
|
||||
|
||||
buf[offset++] = TAG_CERT;
|
||||
offset += _ykpiv_set_length(buf + offset, data_len);
|
||||
|
||||
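Review bot: The wrap test `if (req_len < data_len)` runs only after `data_len` has been passed to `_ykpiv_set_length(buf, data_len)` and added into `req_len`, so it is sound only if `req_len` is an unsigned type. The comment says `size_t`, but the declarations of `req_len` and `data_len` are outside the hunk and should be confirmed. Rejecting the input before any arithmetic, with `if (data_len > _obj_size_max(state)) return YKPIV_SIZE_ERROR;` placed ahead of the `req_len` computation, keeps every addition in range and leaves the existing `req_len > _obj_size_max(state)` test as a plain bounds check. The body of `_write_certificate` starts and ends outside this hunk, so whether callers already bound `data_len` cannot be seen from here.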