summaryrefslogtreecommitdiff
path: root/NK_C_API.cc
diff options
context:
space:
mode:
authorSzczepan Zalega <szczepan@nitrokey.com>2017-04-14 12:30:16 +0200
committerSzczepan Zalega <szczepan@nitrokey.com>2017-04-14 13:06:31 +0200
commit6e5847809c5c4c68f916fda4351c0b5e279915ed (patch)
tree4f4f77c5d70d9f515ba01296f26a615a97bd74c7 /NK_C_API.cc
parentd2089636399b4b0d26f22e072a9801b915acfc74 (diff)
downloadlibnitrokey-6e5847809c5c4c68f916fda4351c0b5e279915ed.tar.gz
libnitrokey-6e5847809c5c4c68f916fda4351c0b5e279915ed.tar.bz2
Security: exchange strdup with strndup
Keep build directory (removed in earlier commit) Signed-off-by: Szczepan Zalega <szczepan@nitrokey.com>
Diffstat (limited to 'NK_C_API.cc')
-rw-r--r--NK_C_API.cc10
1 files changed, 6 insertions, 4 deletions
diff --git a/NK_C_API.cc b/NK_C_API.cc
index 16099db..5d8c3f4 100644
--- a/NK_C_API.cc
+++ b/NK_C_API.cc
@@ -6,6 +6,8 @@
using namespace nitrokey;
static uint8_t NK_last_command_status = 0;
+static const int max_string_field_length = 100;
+
template <typename T>
T* duplicate_vector_and_clear(std::vector<T> &v){
@@ -171,7 +173,7 @@ NK_C_API const char * NK_status() {
auto m = NitrokeyManager::instance();
return get_with_string_result([&](){
string && s = m->get_status_as_string();
- char * rs = strdup(s.c_str());
+ char * rs = strndup(s.c_str(), max_string_field_length);
clear_string(s);
return rs;
});
@@ -181,7 +183,7 @@ NK_C_API const char * NK_device_serial_number(){
auto m = NitrokeyManager::instance();
return get_with_string_result([&](){
string && s = m->get_serial_number();
- char * rs = strdup(s.c_str());
+ char * rs = strndup(s.c_str(), max_string_field_length);
clear_string(s);
return rs;
});
@@ -195,7 +197,7 @@ NK_C_API const char * NK_get_hotp_code_PIN(uint8_t slot_number, const char *user
auto m = NitrokeyManager::instance();
return get_with_string_result([&](){
string && s = m->get_HOTP_code(slot_number, user_temporary_password);
- char * rs = strdup(s.c_str());
+ char * rs = strndup(s.c_str(), max_string_field_length);
clear_string(s);
return rs;
});
@@ -211,7 +213,7 @@ NK_C_API const char * NK_get_totp_code_PIN(uint8_t slot_number, uint64_t challen
auto m = NitrokeyManager::instance();
return get_with_string_result([&](){
string && s = m->get_TOTP_code(slot_number, challenge, last_totp_time, last_interval, user_temporary_password);
- char * rs = strdup(s.c_str());
+ char * rs = strndup(s.c_str(), max_string_field_length);
clear_string(s);
return rs;
});