> On Jan 11, 2016, at 7:01 PM, Salz, Rich via RT <r...@openssl.org> wrote:
>
>> I am a bit worried when I see C-beginner mistakes like this in a security
>> suite:
>> When using sscanf on data you have not produced yourself, you should
>> always assume they will be bigger than your largest buffer/variable and deal
>> correctly with that.
>
> That's a bit of an exaggeration here. It's not network data coming in from
> somewhere else, it's a number typed on the command line in a local program.
And, in new code, we do try to do better; this is from s_client.c in master, used to parse decimal integers 0..255, and it deals with overflow/underflow to ensure that we get exactly what the user typed. Similar code could be used to parse the requested byte count for rand(1). Not necessarily an urgent priority, but something we should get to at some point, so I'd keep the ticket open, at low priority.

    #include <ctype.h>
    #include <errno.h>
    #include <limits.h>
    #include <stdint.h>
    #include <stdlib.h>
    #include <openssl/e_os2.h>      /* ossl_ssize_t */

    /*
     * Parse one decimal field 0..255 at *inptr into *out and advance *inptr
     * past the digits and the whitespace that must follow them.  Returns 1
     * on success, -1 on any defect.  save_errno()/restore_errno() are the
     * s_client.c helpers that clear errno before strtol() and read it back
     * afterwards.
     */
    static ossl_ssize_t checked_uint8(const char **inptr, void *out)
    {
        uint8_t *result = (uint8_t *)out;
        const char *in = *inptr;
        char *endp;
        long v;
        int e;

        save_errno();
        v = strtol(in, &endp, 10);
        e = restore_errno();

        /*
         * Reject: strtol() saturated (ERANGE), no digits consumed, a
         * non-space character glued to the digits, or a value that does
         * not survive the narrowing to uint8_t unchanged (negative or
         * greater than 255).  The unsigned char cast keeps isspace()
         * defined for bytes above 127.
         */
        if (((v == LONG_MIN || v == LONG_MAX) && e == ERANGE)
            || endp == in || !isspace((unsigned char)*endp)
            || v != (*result = (uint8_t)v)) {
            return -1;
        }
        for (in = endp; isspace((unsigned char)*in); ++in)
            continue;

        *inptr = in;
        return 1;
    }

-- 
    Viktor.

_______________________________________________
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
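The strtol() discipline from the message above (clear errno, check ERANGE, require digits, reject trailing junk, range-check before narrowing), generalised to the two cases the thread mentions: a single byte-count argument such as rand(1) would take, and a whitespace-separated list of 0..255 fields. This is an added example, not the OpenSSL code from the message; parse_long_field, parse_byte_count, byte_count_or_neg and parse_uint8_list are names chosen here, and the INT_MAX ceiling on the byte count is an assumption.

```c
#include <ctype.h>
#include <errno.h>
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/*
 * Parse one decimal field at *inptr, check it lies in [lo, hi], and advance
 * *inptr past the digits and any trailing whitespace.  Returns 1 on success,
 * -1 on any defect: no digits, magnitude exceeding long (ERANGE), out of the
 * caller's range, or a non-space character glued to the digits ("12abc").
 * On -1 neither *out nor *inptr is written, so the caller can never act on a
 * wrapped or half-parsed value.
 */
static int parse_long_field(const char **inptr, long lo, long hi, long *out)
{
    const char *in = *inptr;
    char *endp;
    long v;

    errno = 0;                   /* strtol sets errno on failure but never clears it */
    v = strtol(in, &endp, 10);
    if (errno == ERANGE)         /* "99999999999999999999": saturated to LONG_MAX */
        return -1;
    if (endp == in)              /* "", "abc": nothing consumed */
        return -1;
    if (*endp != '\0' && !isspace((unsigned char)*endp))
        return -1;               /* "12abc", "0x10", "1e3" */
    if (v < lo || v > hi)        /* range checked on the wide type, before narrowing */
        return -1;
    while (isspace((unsigned char)*endp))
        ++endp;
    *inptr = endp;
    *out = v;
    return 1;
}

/* A single command-line argument that must be exactly one non-negative count. */
static int parse_byte_count(const char *arg, size_t *out)
{
    long v;

    /* INT_MAX ceiling is an assumption chosen for this example. */
    if (parse_long_field(&arg, 0, INT_MAX, &v) != 1 || *arg != '\0')
        return -1;               /* "-1", "42 x", "" are all rejected */
    *out = (size_t)v;
    return 1;
}

/* Convenience: the count, or -1 if the argument is not a valid count. */
static long byte_count_or_neg(const char *arg)
{
    size_t n;

    return parse_byte_count(arg, &n) == 1 ? (long)n : -1;
}

/*
 * The checked_uint8() pattern applied to a whitespace-separated list of
 * bytes: each field must be 0..255.  Returns the number of bytes stored, or
 * -1 if any field is bad or more than max fields are present.
 */
static int parse_uint8_list(const char *s, uint8_t *buf, size_t max)
{
    size_t n = 0;
    long v;

    while (isspace((unsigned char)*s))
        ++s;
    while (*s != '\0') {
        if (n == max || parse_long_field(&s, 0, 255, &v) != 1)
            return -1;
        buf[n++] = (uint8_t)v;   /* safe: v already proven to be 0..255 */
    }
    return (int)n;
}

int main(void)
{
    /* Constructed sample arguments covering the edge cases. */
    static const char *const counts[] = { "42", "42 ", "-1", "256", "12abc",
                                          "99999999999999999999", "" };
    uint8_t bytes[4];
    size_t i;
    int n;

    for (i = 0; i < sizeof(counts) / sizeof(counts[0]); i++)
        printf("count %-22s -> %ld\n", counts[i], byte_count_or_neg(counts[i]));

    n = parse_uint8_list("3 1 255", bytes, sizeof(bytes));
    printf("list \"3 1 255\" -> %d fields\n", n);
    n = parse_uint8_list("3 1 256", bytes, sizeof(bytes));
    printf("list \"3 1 256\" -> %d (256 is out of range)\n", n);
    return 0;
}
```

The point of checking the range on the long before the cast is that the narrowing conversion itself silently wraps: a uint8_t target receives 0 for "256", and a size_t target receives a huge positive value for "-1", which is exactly how a typed byte count turns into an oversized allocation or read.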