From: Guus Sliepen Date: Sat, 23 Apr 2016 15:28:30 +0000 (+0200) Subject: Fix possible read of freed memory when verifying the signature of a file. X-Git-Tag: release-1.1pre12~4 X-Git-Url: https://tinc-vpn.org/git/browse?p=tinc;a=commitdiff_plain;h=ab5f4cbdc65cbc55062b36a6c11482c217884fe8 Fix possible read of freed memory when verifying the signature of a file. --- diff --git a/src/tincctl.c b/src/tincctl.c index f41e0307..e42ec2cc 100644 --- a/src/tincctl.c +++ b/src/tincctl.c @@ -2517,6 +2517,7 @@ static int cmd_verify(int argc, char *argv[]) { } *newline++ = '\0'; + size_t skip = newline - data; char signer[MAX_STRING_SIZE] = ""; char sig[MAX_STRING_SIZE] = ""; @@ -2543,6 +2544,8 @@ static int cmd_verify(int argc, char *argv[]) { memcpy(data + len, trailer, trailer_len); free(trailer); + newline = data + skip; + char fname[PATH_MAX]; snprintf(fname, sizeof fname, "%s" SLASH "hosts" SLASH "%s", confbase, node); FILE *fp = fopen(fname, "r");