ENGINE-588: put strnstr into the keycount for pgp_sequoia.c - because of this count, the strstr in the function which uses it is ok and doesn't have to depend on null termination (it will terminate with the count) sync
authorKrista 'DarthMama' Bennett <krista@pep.foundation>
Fri, 05 Jul 2019 14:13:48 +0200
branchsync
changeset 39027eb39c8f2f94
parent 3901 cdfe2dddb5da
child 3903 abaab1748cc1
child 3904 344a2d820213
ENGINE-588: put strnstr into the keycount for pgp_sequoia.c - because of this count, the strstr in the function which uses it is ok and doesn't have to depend on null termination (it will terminate with the count)
src/pgp_sequoia.c
test/src/SuiteMaker.cc
     1.1 --- a/src/pgp_sequoia.c	Fri Jul 05 14:06:07 2019 +0200
     1.2 +++ b/src/pgp_sequoia.c	Fri Jul 05 14:13:48 2019 +0200
     1.3 @@ -1854,18 +1854,21 @@
     1.4      return status;
     1.5  }
     1.6  
     1.7 -static unsigned int count_keydata_parts(const char* key_data) {
     1.8 +static unsigned int count_keydata_parts(const char* key_data, size_t size) {
     1.9      unsigned int retval = 0;
    1.10      
    1.11      const char* pgp_begin = "-----BEGIN PGP";
    1.12      size_t prefix_len = strlen(pgp_begin);
    1.13 +    size_t size_remaining = size;
    1.14 +    
    1.15      while (key_data) {
    1.16 -        if (key_data[0] == '\0' || strlen(key_data) <= prefix_len)
    1.17 +        if (size_remaining <= prefix_len || key_data[0] == '\0')
    1.18              break;
    1.19 -        key_data = strstr(key_data, pgp_begin);
    1.20 +        key_data = strnstr(key_data, pgp_begin, size_remaining);
    1.21          if (key_data) {
    1.22              retval++;
    1.23              key_data += prefix_len;
    1.24 +            size_remaining -= prefix_len;
    1.25          }
    1.26      }
    1.27      return retval;
    1.28 @@ -2006,7 +2009,7 @@
    1.29  PEP_STATUS pgp_import_keydata(PEP_SESSION session, const char *key_data,
    1.30                                size_t size, identity_list **private_idents)
    1.31  {
    1.32 -    unsigned int keycount = count_keydata_parts(key_data);
    1.33 +    unsigned int keycount = count_keydata_parts(key_data, size);
    1.34      if (keycount < 2)
    1.35          return(_pgp_import_keydata(session, key_data, size, private_idents));
    1.36  
    1.37 @@ -2026,6 +2029,7 @@
    1.38  
    1.39          // This is assured to be OK because the count function above 
    1.40          // made sure that THIS round contains at least prefix_len chars
    1.41 +        // We used strnstr to count, so we know that strstr will be ok.
    1.42          if (strlen(curr_begin + prefix_len) > prefix_len)
    1.43              next_begin = strstr(curr_begin + prefix_len, pgp_begin);
    1.44  
     2.1 --- a/test/src/SuiteMaker.cc	Fri Jul 05 14:06:07 2019 +0200
     2.2 +++ b/test/src/SuiteMaker.cc	Fri Jul 05 14:13:48 2019 +0200
     2.3 @@ -21,6 +21,7 @@
     2.4  #include "Engine463Tests.h"
     2.5  #include "IOS1664Tests.h"
     2.6  #include "BloblistTests.h"
     2.7 +#include "KeyImportAndRetrieveTests.h"
     2.8  #include "NewUpdateIdAndMyselfTests.h"
     2.9  #include "NoOwnIdentWritesOnDecryptTests.h"
    2.10  #include "LiteralFilenameTests.h"
    2.11 @@ -71,6 +72,7 @@
    2.12  #include "KeyAttachmentTests.h"
    2.13  #include "OwnKeysRetrieveTests.h"
    2.14  #include "TrustManipulationTests.h"
    2.15 +#include "StrnstrTests.h"
    2.16  #include "SyncTests.h"
    2.17  #include "RevocationTests.h"
    2.18  #include "AppleMailTests.h"
    2.19 @@ -86,6 +88,7 @@
    2.20      "Engine463Tests",
    2.21      "IOS1664Tests",
    2.22      "BloblistTests",
    2.23 +    "KeyImportAndRetrieveTests",
    2.24      "NewUpdateIdAndMyselfTests",
    2.25      "NoOwnIdentWritesOnDecryptTests",
    2.26      "LiteralFilenameTests",
    2.27 @@ -136,13 +139,14 @@
    2.28      "KeyAttachmentTests",
    2.29      "OwnKeysRetrieveTests",
    2.30      "TrustManipulationTests",
    2.31 +    "StrnstrTests",
    2.32      "SyncTests",
    2.33      "RevocationTests",
    2.34      "AppleMailTests",
    2.35  };
    2.36  
    2.37  // This file is generated, so magic constants are ok.
    2.38 -int SuiteMaker::num_suites = 62;
    2.39 +int SuiteMaker::num_suites = 64;
    2.40  
    2.41  void SuiteMaker::suitemaker_build(const char* test_class_name, const char* test_home, Test::Suite** test_suite) {
    2.42      if (strcmp(test_class_name, "URIAddressTests") == 0)
    2.43 @@ -163,6 +167,8 @@
    2.44          *test_suite = new IOS1664Tests(test_class_name, test_home);
    2.45      else if (strcmp(test_class_name, "BloblistTests") == 0)
    2.46          *test_suite = new BloblistTests(test_class_name, test_home);
    2.47 +    else if (strcmp(test_class_name, "KeyImportAndRetrieveTests") == 0)
    2.48 +        *test_suite = new KeyImportAndRetrieveTests(test_class_name, test_home);
    2.49      else if (strcmp(test_class_name, "NewUpdateIdAndMyselfTests") == 0)
    2.50          *test_suite = new NewUpdateIdAndMyselfTests(test_class_name, test_home);
    2.51      else if (strcmp(test_class_name, "NoOwnIdentWritesOnDecryptTests") == 0)
    2.52 @@ -263,6 +269,8 @@
    2.53          *test_suite = new OwnKeysRetrieveTests(test_class_name, test_home);
    2.54      else if (strcmp(test_class_name, "TrustManipulationTests") == 0)
    2.55          *test_suite = new TrustManipulationTests(test_class_name, test_home);
    2.56 +    else if (strcmp(test_class_name, "StrnstrTests") == 0)
    2.57 +        *test_suite = new StrnstrTests(test_class_name, test_home);
    2.58      else if (strcmp(test_class_name, "SyncTests") == 0)
    2.59          *test_suite = new SyncTests(test_class_name, test_home);
    2.60      else if (strcmp(test_class_name, "RevocationTests") == 0)