[PATCH] Check UN and HN length early on key generation
Eric Rannaud
eric.rannaud at gmail.com
Wed Aug 15 20:21:43 CEST 2007
Patch against CVS HEAD (but tested against 1.1.2 as HEAD is broken).
Please CC me as I am not subscribed to the list.

P.S. By the way, http://silcnet.org/community/development/cvs.php
mentions ./prepare instead of autodist.
----
When generating a new keypair with silc on the command line, the length
of the fields UN and HN is checked (they have to be longer than 3) only
in silc_pkcs_silc_encode_identifier() without a meaningful error
message. This patch adds a check in silc_create_key_pair(), similarly to
the check that both UN and HN have been given by the user.

Note that I don't know why silc_pkcs_silc_encode_identifier() enforces
a longer-than-3 restriction. Is there a reason for that?
diff -ur silc/lib/silcapputil/silcapputil.c silc-patch/lib/silcapputil/silcapputil.c
--- silc/lib/silcapputil/silcapputil.c 2007-08-15 19:48:21.000000000 +0200
+++ silc-patch/lib/silcapputil/silcapputil.c 2007-08-15 19:46:30.000000000 +0200
@@ -152,6 +152,15 @@
return FALSE;
}
+ char *ident_un, *ident_hn;
+ ident_un = strstr(identifier, "UN=") + 3;
+ ident_hn = strstr(identifier, "HN=") + 3;
+ if (strcspn(ident_un, ",") < 3 || strcspn(ident_hn, ",") < 3) {
+ fprintf(stderr, "Invalid public key identifier. UN and HN must each have "
+ "more than 3 characters\n");
+ return FALSE;
+ }
+
rng = silc_rng_alloc();
silc_rng_init(rng);
silc_rng_global_init(rng);
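
Review bot: the comparison "strcspn(ident_un, ",") < 3" in the new if rejects only values of 0 to 2 characters, while the error message right below it says UN and HN must each have "more than 3 characters", so a 3-character value passes this check and the message does not describe what is enforced. Either change both comparisons to "<= 3" or reword the message to match the limit that silc_pkcs_silc_encode_identifier() actually applies. Separately, "strstr(identifier, "UN=") + 3" and the HN line use the strstr() result without testing it for NULL; unless the earlier check ending in the "return FALSE;" above guarantees both substrings are present, store the result, test it, and only then add 3. The declarations of ident_un and ident_hn also sit after statements in the block, so consider moving them to the top of the function if the file keeps declarations there.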