diff options
| author | Nick Mathewson <nickm@torproject.org> | 2018-09-17 11:08:56 -0400 |
|---|---|---|
| committer | Nick Mathewson <nickm@torproject.org> | 2018-09-17 11:08:56 -0400 |
| commit | f606b3cfd157dc52872e8b40a9a042861d9246e1 (patch) | |
| tree | 4b1d7c79700be496bb4d066270b47071ef7a5bd9 /src/lib/crypt_ops | |
| parent | 307275a5e44241fd05f17b22da284c485e019743 (diff) | |
| download | tor-f606b3cfd157dc52872e8b40a9a042861d9246e1.tar.gz tor-f606b3cfd157dc52872e8b40a9a042861d9246e1.zip | |
Lower the maximum size of a private key file to 16 MB
This shouldn't be a user-visible change: nobody has a 16 MB RSA
key that they're trying to use with Tor.
I'm doing this to fix CID 1439330 / ticket 27730, where coverity
complains (on 64-bit) that we are making a comparison that is never
true.
Diffstat (limited to 'src/lib/crypt_ops')
| -rw-r--r-- | src/lib/crypt_ops/crypto_rsa.c | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/src/lib/crypt_ops/crypto_rsa.c b/src/lib/crypt_ops/crypto_rsa.c index 567b4531ae..c3c6db6c31 100644 --- a/src/lib/crypt_ops/crypto_rsa.c +++ b/src/lib/crypt_ops/crypto_rsa.c @@ -540,6 +540,9 @@ crypto_pk_read_private_key_from_string(crypto_pk_t *env, return crypto_pk_read_from_string_generic(env, src, len, true); } +/** If a file is longer than this, we won't try to decode its private key */ +#define MAX_PRIVKEY_FILE_LEN (16*1024*1024) + /** Read a PEM-encoded private key from the file named by * <b>keyfile</b> into <b>env</b>. Return 0 on success, -1 on failure. */ @@ -551,7 +554,7 @@ crypto_pk_read_private_key_from_filename(crypto_pk_t *env, char *buf = read_file_to_str(keyfile, 0, &st); if (!buf) return -1; - if (st.st_size > SSIZE_MAX) + if (st.st_size > MAX_PRIVKEY_FILE_LEN) return -1; int rv = crypto_pk_read_private_key_from_string(env, buf, |