projects / tinc / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Fix possible read of freed memory when verifying the signature of a file.
[tinc] / src / tincctl.c
diff --git a/src/tincctl.c b/src/tincctl.c
index f41e030..e42ec2c 100644 (file)
--- a/src/tincctl.c
+++ b/src/tincctl.c
@@ -2517,6 +2517,7 @@ static int cmd_verify(int argc, char *argv[]) {
        }
 
        *newline++ = '\0';
+       size_t skip = newline - data;
 
        char signer[MAX_STRING_SIZE] = "";
        char sig[MAX_STRING_SIZE] = "";
@@ -2543,6 +2544,8 @@ static int cmd_verify(int argc, char *argv[]) {
        memcpy(data + len, trailer, trailer_len);
        free(trailer);
 
+       newline = data + skip;
+
        char fname[PATH_MAX];
        snprintf(fname, sizeof fname, "%s" SLASH "hosts" SLASH "%s", confbase, node);
        FILE *fp = fopen(fname, "r");
tinc, the VPN daemon