diff options
| author | daurnimator <quae@daurnimator.com> | 2016-01-03 10:43:16 +1100 |
|---|---|---|
| committer | daurnimator <quae@daurnimator.com> | 2016-01-04 19:05:42 +1100 |
| commit | 59cc755e2a48b0d479480c09bf0b9893ffdfce36 (patch) | |
| tree | cdaa6fa4f505e22902ff9b4c9ee71f6c715caeab /src | |
| parent | 5dec5e287e60d13008373a38eadce91cf02da6a0 (diff) | |
| download | luaossl-59cc755e2a48b0d479480c09bf0b9893ffdfce36.tar.gz luaossl-59cc755e2a48b0d479480c09bf0b9893ffdfce36.tar.bz2 luaossl-59cc755e2a48b0d479480c09bf0b9893ffdfce36.zip | |
bignum: validate hex and decimal strings before feeding to openssl
OpenSSL doesn't throw an error on invalid numbers
Diffstat (limited to 'src')
| -rw-r--r-- | src/openssl.c | 13 |
1 files changed, 11 insertions, 2 deletions
diff --git a/src/openssl.c b/src/openssl.c index 66a6168..4ca8da7 100644 --- a/src/openssl.c +++ b/src/openssl.c | |||
| @@ -29,7 +29,7 @@ | |||
| 29 | #include <strings.h> /* strcasecmp(3) */ | 29 | #include <strings.h> /* strcasecmp(3) */ |
| 30 | #include <math.h> /* INFINITY fabs(3) floor(3) frexp(3) fmod(3) round(3) isfinite(3) */ | 30 | #include <math.h> /* INFINITY fabs(3) floor(3) frexp(3) fmod(3) round(3) isfinite(3) */ |
| 31 | #include <time.h> /* struct tm time_t strptime(3) time(2) */ | 31 | #include <time.h> /* struct tm time_t strptime(3) time(2) */ |
| 32 | #include <ctype.h> /* tolower(3) */ | 32 | #include <ctype.h> /* isdigit(3), isxdigit(3), tolower(3) */ |
| 33 | #include <errno.h> /* ENOMEM ENOTSUP EOVERFLOW errno */ | 33 | #include <errno.h> /* ENOMEM ENOTSUP EOVERFLOW errno */ |
| 34 | #include <assert.h> /* assert */ | 34 | #include <assert.h> /* assert */ |
| 35 | 35 | ||
| @@ -1685,7 +1685,7 @@ static _Bool f2bn(BIGNUM **bn, double f) { | |||
| 1685 | static BIGNUM *(checkbig)(lua_State *L, int index, _Bool *lvalue) { | 1685 | static BIGNUM *(checkbig)(lua_State *L, int index, _Bool *lvalue) { |
| 1686 | BIGNUM **bn; | 1686 | BIGNUM **bn; |
| 1687 | const char *str; | 1687 | const char *str; |
| 1688 | size_t len; | 1688 | size_t len, i; |
| 1689 | _Bool neg, hex = 0; | 1689 | _Bool neg, hex = 0; |
| 1690 | 1690 | ||
| 1691 | index = lua_absindex(L, index); | 1691 | index = lua_absindex(L, index); |
| @@ -1702,6 +1702,15 @@ static BIGNUM *(checkbig)(lua_State *L, int index, _Bool *lvalue) { | |||
| 1702 | 1702 | ||
| 1703 | if (str[neg] == '0' && (str[neg+1] == 'x' || str[neg+1] == 'X')) { | 1703 | if (str[neg] == '0' && (str[neg+1] == 'x' || str[neg+1] == 'X')) { |
| 1704 | hex = 1; | 1704 | hex = 1; |
| 1705 | for (i = 2+neg; i < len; i++) { | ||
| 1706 | if (!isxdigit(str[i])) | ||
| 1707 | luaL_argerror(L, 1, "invalid hex string"); | ||
| 1708 | } | ||
| 1709 | } else { | ||
| 1710 | for (i = neg; i < len; i++) { | ||
| 1711 | if (!isdigit(str[i])) | ||
| 1712 | luaL_argerror(L, 1, "invalid decimal string"); | ||
| 1713 | } | ||
| 1705 | } | 1714 | } |
| 1706 | 1715 | ||
| 1707 | bn = prepsimple(L, BIGNUM_CLASS); | 1716 | bn = prepsimple(L, BIGNUM_CLASS); |