summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorSzczepan Zalega <szczepan@nitrokey.com>2017-04-14 12:30:16 +0200
committerSzczepan Zalega <szczepan@nitrokey.com>2017-04-14 13:06:31 +0200
commit6e5847809c5c4c68f916fda4351c0b5e279915ed (patch)
tree4f4f77c5d70d9f515ba01296f26a615a97bd74c7
parentd2089636399b4b0d26f22e072a9801b915acfc74 (diff)
downloadlibnitrokey-6e5847809c5c4c68f916fda4351c0b5e279915ed.tar.gz
libnitrokey-6e5847809c5c4c68f916fda4351c0b5e279915ed.tar.bz2
Security: exchange strdup with strndup
Keep build directory (removed in earlier commit) Signed-off-by: Szczepan Zalega <szczepan@nitrokey.com>
-rw-r--r--NK_C_API.cc10
-rw-r--r--NitrokeyManager.cc16
-rw-r--r--build/.gitignore1
3 files changed, 16 insertions, 11 deletions
diff --git a/NK_C_API.cc b/NK_C_API.cc
index 16099db..5d8c3f4 100644
--- a/NK_C_API.cc
+++ b/NK_C_API.cc
@@ -6,6 +6,8 @@
using namespace nitrokey;
static uint8_t NK_last_command_status = 0;
+static const int max_string_field_length = 100;
+
template <typename T>
T* duplicate_vector_and_clear(std::vector<T> &v){
@@ -171,7 +173,7 @@ NK_C_API const char * NK_status() {
auto m = NitrokeyManager::instance();
return get_with_string_result([&](){
string && s = m->get_status_as_string();
- char * rs = strdup(s.c_str());
+ char * rs = strndup(s.c_str(), max_string_field_length);
clear_string(s);
return rs;
});
@@ -181,7 +183,7 @@ NK_C_API const char * NK_device_serial_number(){
auto m = NitrokeyManager::instance();
return get_with_string_result([&](){
string && s = m->get_serial_number();
- char * rs = strdup(s.c_str());
+ char * rs = strndup(s.c_str(), max_string_field_length);
clear_string(s);
return rs;
});
@@ -195,7 +197,7 @@ NK_C_API const char * NK_get_hotp_code_PIN(uint8_t slot_number, const char *user
auto m = NitrokeyManager::instance();
return get_with_string_result([&](){
string && s = m->get_HOTP_code(slot_number, user_temporary_password);
- char * rs = strdup(s.c_str());
+ char * rs = strndup(s.c_str(), max_string_field_length);
clear_string(s);
return rs;
});
@@ -211,7 +213,7 @@ NK_C_API const char * NK_get_totp_code_PIN(uint8_t slot_number, uint64_t challen
auto m = NitrokeyManager::instance();
return get_with_string_result([&](){
string && s = m->get_TOTP_code(slot_number, challenge, last_totp_time, last_interval, user_temporary_password);
- char * rs = strdup(s.c_str());
+ char * rs = strndup(s.c_str(), max_string_field_length);
clear_string(s);
return rs;
});
diff --git a/NitrokeyManager.cc b/NitrokeyManager.cc
index faeaf03..60c1a24 100644
--- a/NitrokeyManager.cc
+++ b/NitrokeyManager.cc
@@ -472,11 +472,13 @@ namespace nitrokey{
return get_slot_name(slot_number);
}
- const char * NitrokeyManager::get_slot_name(uint8_t slot_number) {
+ static const int max_string_field_length = 100;
+
+ const char * NitrokeyManager::get_slot_name(uint8_t slot_number) {
auto payload = get_payload<GetSlotName>();
payload.slot_number = slot_number;
auto resp = GetSlotName::CommandTransaction::run(device, payload);
- return strdup((const char *) resp.data().slot_name);
+ return strndup((const char *) resp.data().slot_name, max_string_field_length);
}
bool NitrokeyManager::first_authenticate(const char *pin, const char *temporary_password) {
@@ -583,7 +585,7 @@ namespace nitrokey{
auto p = get_payload<GetPasswordSafeSlotName>();
p.slot_number = slot_number;
auto response = GetPasswordSafeSlotName::CommandTransaction::run(device, p);
- return strdup((const char *) response.data().slot_name);
+ return strndup((const char *) response.data().slot_name, max_string_field_length);
}
bool NitrokeyManager::is_valid_password_safe_slot_number(uint8_t slot_number) const { return slot_number < 16; }
@@ -593,7 +595,7 @@ namespace nitrokey{
auto p = get_payload<GetPasswordSafeSlotLogin>();
p.slot_number = slot_number;
auto response = GetPasswordSafeSlotLogin::CommandTransaction::run(device, p);
- return strdup((const char *) response.data().slot_login);
+ return strndup((const char *) response.data().slot_login, max_string_field_length);
}
const char *NitrokeyManager::get_password_safe_slot_password(uint8_t slot_number) {
@@ -601,7 +603,7 @@ namespace nitrokey{
auto p = get_payload<GetPasswordSafeSlotPassword>();
p.slot_number = slot_number;
auto response = GetPasswordSafeSlotPassword::CommandTransaction::run(device, p);
- return strdup((const char *) response.data().slot_password); //FIXME use secure way
+ return strndup((const char *) response.data().slot_password, max_string_field_length); //FIXME use secure way
}
void NitrokeyManager::write_password_safe_slot(uint8_t slot_number, const char *slot_name, const char *slot_login,
@@ -816,7 +818,7 @@ namespace nitrokey{
const char * NitrokeyManager::get_status_storage_as_string(){
auto p = stick20::GetDeviceStatus::CommandTransaction::run(device);
- return strdup(p.data().dissect().c_str());
+ return strndup(p.data().dissect().c_str(), max_string_field_length);
}
stick20::DeviceConfigurationResponsePacket::ResponsePayload NitrokeyManager::get_status_storage(){
@@ -826,7 +828,7 @@ namespace nitrokey{
const char * NitrokeyManager::get_SD_usage_data_as_string(){
auto p = stick20::GetSDCardOccupancy::CommandTransaction::run(device);
- return strdup(p.data().dissect().c_str());
+ return strndup(p.data().dissect().c_str(), max_string_field_length);
}
std::pair<uint8_t,uint8_t> NitrokeyManager::get_SD_usage_data(){
diff --git a/build/.gitignore b/build/.gitignore
new file mode 100644
index 0000000..72e8ffc
--- /dev/null
+++ b/build/.gitignore
@@ -0,0 +1 @@
+*