Mercurial > trustbridge
view common/listutil.c @ 60:6acb1dae6185
Use strn functions and improve error handling.
Even if we know the strings are NULL terminated we use
length terminated string functions after a first strlen
this makes it easier to assert that at one point we know
the string is terminated and afterwards use the length
of that.
author | Andre Heinecke <aheinecke@intevation.de> |
---|---|
date | Tue, 18 Mar 2014 11:28:02 +0000 |
parents | 3f6378647371 |
children | b8cd573bd3ac |
line wrap: on
line source
#include "listutil.h" #include <stdio.h> #include <stdlib.h> #include <errno.h> #include <fcntl.h> #include <unistd.h> #include <sys/types.h> #include <sys/stat.h> #include <string.h> #ifdef RELEASE #include "pubkey-release.h" #else #include "pubkey-test.h" #endif #pragma GCC diagnostic ignored "-Wconversion" /* Polarssl mh.h contains a conversion which gcc warns about */ #include <polarssl/pk.h> #include <polarssl/base64.h> #include <polarssl/sha256.h> #pragma GCC diagnostic pop #define MAX_FILESIZE 1048576 /* 1024*1024 */ /** * @brief Read a file into memory. * * The caller needs to free data * * @param[in] fileName Name of the file. * @param[out] data the file content * @param[out] size size in bytes of the file content. * @param[in] max_size the maximum amount of bytes to read. * * @return 0 on success an error code otherwise. */ #define READ_FILE_UNREADABLE -1 #define READ_FILE_TOO_LARGE -2 #define READ_FILE_NO_MEMORY -3 #define READ_FILE_READ_FAILED -4 static int read_file(const char *file_name, char **data, size_t *size, const size_t max_size) { FILE *f; long file_size; f = fopen(file_name, "rb"); if (f == NULL) return READ_FILE_UNREADABLE; fseek(f, 0, SEEK_END); file_size = ftell(f); if (file_size < 0){ fclose(f); return READ_FILE_UNREADABLE; } fseek(f, 0, SEEK_SET); if (file_size + 1 == 0) { fclose(f); return READ_FILE_TOO_LARGE; } *size = (size_t) file_size; if (*size > max_size) { fclose(f); return READ_FILE_TOO_LARGE; } *data = (char *) malloc( *size + 1 ); if (data == NULL) { fclose(f); return READ_FILE_NO_MEMORY; } if (fread(*data, 1, *size, f) != *size) { fclose(f); free(*data); return READ_FILE_READ_FAILED; } fclose(f); (*data)[*size] = '\0'; return 0; } int verify_list(char *data, size_t size) { int ret = -1; pk_context pub_key_ctx; char *p; /* Fixed key size of 3072 implies the sizes*/ const size_t sig_b64_size = 512; size_t sig_size = 384; char signature_b64[sig_b64_size + 1]; unsigned char signature[sig_size]; /* Hash algroithm is sha256 */ unsigned char hash[32]; /* Fetch the signature from the first line od data */ p = strchr(data, '\r'); if (p == 0 || (unsigned int)(p - (data + 2)) != sig_b64_size) { /* printf("Invalid data. Signature might be too long.\n"); */ return -1; } strncpy(signature_b64, data + 2, sig_b64_size); signature_b64[sig_b64_size] = '\0'; ret = base64_decode(signature, &sig_size, (unsigned char *)signature_b64, sig_b64_size); if (ret != 0 || sig_size != 384) { /* printf("failed to decode signature\n"); */ return -1; } /* Hash is calculated over the data without the first line. * linebreaks are \r\n so the first char of the new line is * p+2 */ p += 2; /* Size of the data to hash is the size - signature line * signature line is sig_b64_size - "S:" and - "\r\n" so -4*/ sha256((unsigned char *)p, size - sig_b64_size - 4, hash, 0); pk_init(&pub_key_ctx); #if 0 { int i; FILE *foo = fopen("/tmp/testdump", "w"); FILE *foo2 = fopen("/tmp/rawdump", "w"); for (i=0; i< (int)(size - sig_b64_size - 2); i++) fprintf (foo, "%c", p[i]); for (i=0; i< (int)(size); i++) fprintf (foo2, "%c", data[i]); fclose(foo); printf ("Hash: \n"); for (i=0; i<32; i++) { printf ("%x", hash[i]); } printf("\n"); } #endif ret = pk_parse_public_key(&pub_key_ctx, public_key_pem, public_key_pem_size); if (ret != 0) { printf("pk_parse_public_key failed with -0x%04x\n\n", -ret); pk_free(&pub_key_ctx); return ret; } ret = pk_verify(&pub_key_ctx, POLARSSL_MD_SHA256, hash, 0, signature, sig_size); if (ret != 0) { printf("pk_verify failed with -0x%04x\n\n", -ret); } pk_free(&pub_key_ctx); return ret; } list_status_t read_and_verify_list(const char *file_name, char **data, size_t *size) { list_status_t retval = UnknownError; *data = NULL; *size = 0; int ret = 0; ret = read_file(file_name, data, size, MAX_FILESIZE); /* printf ("Ret: %i \n", ret); */ if (ret != 0) { if (ret == READ_FILE_TOO_LARGE) { return TooLarge; } if (ret == READ_FILE_UNREADABLE) { return SeekFailed; } if (ret == READ_FILE_READ_FAILED) { return ReadFailed; } return UnknownError; } if (!*data || !*size) { /* File is probably empty */ return UnknownError; } if (**data != 'S') { retval = InvalidFormat; } else { ret = verify_list (*data, *size); if (ret == 0) { /* Hooray */ return Valid; } if (ret == -1) { /* our error */ retval = InvalidFormat; } else { return InvalidSignature; } } if (retval != Valid && *data) { free(*data); *data = NULL; *size = 0; } return retval; }