diff options
author | Szczepan Zalega <szczepan@nitrokey.com> | 2017-04-14 12:30:16 +0200 |
---|---|---|
committer | Szczepan Zalega <szczepan@nitrokey.com> | 2017-04-14 13:06:31 +0200 |
commit | 6e5847809c5c4c68f916fda4351c0b5e279915ed (patch) | |
tree | 4f4f77c5d70d9f515ba01296f26a615a97bd74c7 /NK_C_API.cc | |
parent | d2089636399b4b0d26f22e072a9801b915acfc74 (diff) | |
download | libnitrokey-6e5847809c5c4c68f916fda4351c0b5e279915ed.tar.gz libnitrokey-6e5847809c5c4c68f916fda4351c0b5e279915ed.tar.bz2 |
Security: exchange strdup with strndup
Keep build directory (removed in earlier commit)
Signed-off-by: Szczepan Zalega <szczepan@nitrokey.com>
Diffstat (limited to 'NK_C_API.cc')
-rw-r--r-- | NK_C_API.cc | 10 |
1 files changed, 6 insertions, 4 deletions
diff --git a/NK_C_API.cc b/NK_C_API.cc index 16099db..5d8c3f4 100644 --- a/NK_C_API.cc +++ b/NK_C_API.cc @@ -6,6 +6,8 @@ using namespace nitrokey; static uint8_t NK_last_command_status = 0; +static const int max_string_field_length = 100; + template <typename T> T* duplicate_vector_and_clear(std::vector<T> &v){ @@ -171,7 +173,7 @@ NK_C_API const char * NK_status() { auto m = NitrokeyManager::instance(); return get_with_string_result([&](){ string && s = m->get_status_as_string(); - char * rs = strdup(s.c_str()); + char * rs = strndup(s.c_str(), max_string_field_length); clear_string(s); return rs; }); @@ -181,7 +183,7 @@ NK_C_API const char * NK_device_serial_number(){ auto m = NitrokeyManager::instance(); return get_with_string_result([&](){ string && s = m->get_serial_number(); - char * rs = strdup(s.c_str()); + char * rs = strndup(s.c_str(), max_string_field_length); clear_string(s); return rs; }); @@ -195,7 +197,7 @@ NK_C_API const char * NK_get_hotp_code_PIN(uint8_t slot_number, const char *user auto m = NitrokeyManager::instance(); return get_with_string_result([&](){ string && s = m->get_HOTP_code(slot_number, user_temporary_password); - char * rs = strdup(s.c_str()); + char * rs = strndup(s.c_str(), max_string_field_length); clear_string(s); return rs; }); @@ -211,7 +213,7 @@ NK_C_API const char * NK_get_totp_code_PIN(uint8_t slot_number, uint64_t challen auto m = NitrokeyManager::instance(); return get_with_string_result([&](){ string && s = m->get_TOTP_code(slot_number, challenge, last_totp_time, last_interval, user_temporary_password); - char * rs = strdup(s.c_str()); + char * rs = strndup(s.c_str(), max_string_field_length); clear_string(s); return rs; }); |