=================================================================== RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/signify/signify.c,v retrieving revision 1.125 retrieving revision 1.126 diff -c -r1.125 -r1.126 *** src/usr.bin/signify/signify.c 2016/10/05 15:58:50 1.125 --- src/usr.bin/signify/signify.c 2016/10/06 22:38:25 1.126 *************** *** 1,4 **** ! /* $OpenBSD: signify.c,v 1.125 2016/10/05 15:58:50 tedu Exp $ */ /* * Copyright (c) 2013 Ted Unangst * --- 1,4 ---- ! /* $OpenBSD: signify.c,v 1.126 2016/10/06 22:38:25 espie Exp $ */ /* * Copyright (c) 2013 Ted Unangst * *************** *** 343,365 **** sizeof(pubkey), O_EXCL, 0666); } ! static void check_keyname_compliance(const char *pubkeyfile, const char *seckeyfile) { ! size_t len; ! len = strlen(pubkeyfile); ! if (strlen(seckeyfile) != len) ! goto bad; if (len < 5) /* ?.key */ goto bad; ! if (strcmp(pubkeyfile + len - 4, ".pub") != 0 || ! strcmp(seckeyfile + len - 4, ".sec") != 0) goto bad; ! if (strncmp(pubkeyfile, seckeyfile, len - 4) != 0) ! goto bad; ! return; bad: errx(1, "please use naming scheme of keyname.pub and keyname.sec"); } --- 343,378 ---- sizeof(pubkey), O_EXCL, 0666); } ! static const char * check_keyname_compliance(const char *pubkeyfile, const char *seckeyfile) { ! const char *pos; ! /* basename may or may not modify input */ ! pos = strrchr(seckeyfile, '/'); ! if (pos != NULL) ! seckeyfile = pos+1; ! ! size_t len; ! len = strlen(seckeyfile); if (len < 5) /* ?.key */ goto bad; ! if (strcmp(seckeyfile + len - 4, ".sec") != 0) goto bad; ! if (pubkeyfile != NULL) { ! pos = strrchr(pubkeyfile, '/'); ! if (pos != NULL) ! pubkeyfile = pos+1; ! if (strlen(pubkeyfile) != len) ! goto bad; ! if (strcmp(pubkeyfile + len - 4, ".pub") != 0) ! goto bad; ! if (strncmp(pubkeyfile, seckeyfile, len - 4) != 0) ! goto bad; ! } ! ! return seckeyfile; bad: errx(1, "please use naming scheme of keyname.pub and keyname.sec"); } *************** *** 372,378 **** uint8_t xorkey[sizeof(enckey.seckey)]; struct sig sig; char *sighdr; - char *extname; uint8_t digest[SHA512_DIGEST_LENGTH]; int i, nr, rounds; SHA2_CTX ctx; --- 385,390 ---- *************** *** 380,403 **** readb64file(seckeyfile, &enckey, sizeof(enckey), comment); ! extname = strrchr(seckeyfile, '.'); ! if (extname && strcmp(extname, ".sec") == 0) { ! const char *keyname; ! /* basename may or may not modify input */ ! if (!(keyname = strrchr(seckeyfile, '/'))) ! keyname = seckeyfile; ! else ! keyname++; ! nr = snprintf(sigcomment, sizeof(sigcomment), ! VERIFYWITH "%.*s.pub", (int)strlen(keyname) - 4, keyname); ! if (nr == -1 || nr >= sizeof(sigcomment)) ! errx(1, "comment too long"); } else { nr = snprintf(sigcomment, sizeof(sigcomment), ! "signature from %s", comment); ! if (nr == -1 || nr >= sizeof(sigcomment)) ! errx(1, "comment too long"); } if (memcmp(enckey.kdfalg, KDFALG, 2) != 0) errx(1, "unsupported KDF"); --- 392,408 ---- readb64file(seckeyfile, &enckey, sizeof(enckey), comment); ! if (strcmp(seckeyfile, "-") == 0) { ! nr = snprintf(sigcomment, sizeof(sigcomment), ! "signature from %s", comment); } else { + const char *keyname = check_keyname_compliance(NULL, + seckeyfile); nr = snprintf(sigcomment, sizeof(sigcomment), ! VERIFYWITH "%.*s.pub", (int)strlen(keyname) - 4, keyname); } + if (nr == -1 || nr >= sizeof(sigcomment)) + errx(1, "comment too long"); if (memcmp(enckey.kdfalg, KDFALG, 2) != 0) errx(1, "unsupported KDF");