Mercurial > dropbear
view libtommath/bn_mp_fwrite.c @ 1885:5d8dbb6fdab7
Fix SSH_PUBKEYINFO, limit characters, add tests
We fix a bad_bufptr() failure from a previous commit. We now limit
the allowed characters to those that will definitely be safe
in a shell. Some scripts/programs may use arbitrary environment
variables without escaping correctly - that could be a problem
in a restricted environment.
The current allowed set is a-z A-Z 0-9 .,_-+@
This also adds a test for SSH_PUBKEYINFO, by default it only runs
under github actions (or "act -j build").
author | Matt Johnston <matt@ucc.asn.au> |
---|---|
date | Wed, 16 Mar 2022 17:17:23 +0800 |
parents | 1051e4eea25a |
children |
line wrap: on
line source
#include "tommath_private.h" #ifdef BN_MP_FWRITE_C /* LibTomMath, multiple-precision integer library -- Tom St Denis */ /* SPDX-License-Identifier: Unlicense */ #ifndef MP_NO_FILE mp_err mp_fwrite(const mp_int *a, int radix, FILE *stream) { char *buf; mp_err err; int len; size_t written; /* TODO: this function is not in this PR */ if (MP_HAS(MP_RADIX_SIZE_OVERESTIMATE)) { /* if ((err = mp_radix_size_overestimate(&t, base, &len)) != MP_OKAY) goto LBL_ERR; */ } else { if ((err = mp_radix_size(a, radix, &len)) != MP_OKAY) { return err; } } buf = (char *) MP_MALLOC((size_t)len); if (buf == NULL) { return MP_MEM; } if ((err = mp_to_radix(a, buf, (size_t)len, &written, radix)) != MP_OKAY) { goto LBL_ERR; } if (fwrite(buf, written, 1uL, stream) != 1uL) { err = MP_ERR; goto LBL_ERR; } err = MP_OKAY; LBL_ERR: MP_FREE_BUFFER(buf, (size_t)len); return err; } #endif #endif