diff options
-rw-r--r-- | changelog | 20 | ||||
-rw-r--r-- | ssh-agent-filter.C | 9 | ||||
-rwxr-xr-x | tests | 15 | ||||
-rw-r--r-- | version.h | 2 |
4 files changed, 31 insertions, 15 deletions
@@ -1,3 +1,23 @@ +commit 87f2de93a6522bbcf17d1960e78641df8ecd85d3 (HEAD -> master) +Author: Timo Weingärtner <timo@tiwe.de> +Date: 2018-11-19 21:27:42 +0100 + + base64_encode: fix two-byte out-of-bounds stack write + + BASE64_ENCODE_LENGTH() calculates the encoded size without padding + +commit bb0c140c38ef26352ad5618ddb4aebb1e184c50d +Author: Timo Weingärtner <timo@tiwe.de> +Date: 2018-11-18 16:42:06 +0100 + + tests: describe the asserts + +commit cc7b883c67b78021c13df453abeb35d8d9055c35 (tag: 0.5.1, tiwe/master) +Author: Timo Weingärtner <timo@tiwe.de> +Date: 2018-07-18 20:42:58 +0200 + + release 0.5.1 + commit ddea0ce92bad7e218be9ac46f76ff2c34fd43a15 Author: Timo Weingärtner <timo@tiwe.de> Date: 2018-05-10 17:50:04 +0200 diff --git a/ssh-agent-filter.C b/ssh-agent-filter.C index 307be1f..b6d906b 100644 --- a/ssh-agent-filter.C +++ b/ssh-agent-filter.C @@ -116,12 +116,9 @@ string md5_hex (string const & s) { } string base64_encode (string const & s) { - struct base64_encode_ctx ctx; - base64_encode_init(&ctx); - char b64[BASE64_ENCODE_LENGTH(s.size())]; - auto len = base64_encode_update(&ctx, b64, s.size(), reinterpret_cast<uint8_t const *>(s.data())); - len += base64_encode_final(&ctx, b64 + len); - return {b64, len}; + char b64[BASE64_ENCODE_RAW_LENGTH(s.size())]; + base64_encode_raw(b64, s.size(), reinterpret_cast<uint8_t const *>(s.data())); + return {b64, sizeof(b64)}; } void cloexec (int fd) { @@ -57,19 +57,18 @@ produce_filtered_list () ( test_list_filter () { reference_out=$(ssh-add -L | grep ' key0$') - # sanity check: unfiltered shold be different from filtered - assertNotSame "$reference_out" "$(ssh-add -L)" + assertNotSame "sanity check: unfiltered shold be different from filtered" "$reference_out" "$(ssh-add -L)" - assertSame "$reference_out" "$(produce_filtered_list --comment key0)" - assertSame "$reference_out" "$(produce_filtered_list --comment-confirmed key0)" + assertSame "by comment" "$reference_out" "$(produce_filtered_list --comment key0)" + assertSame "by comment, confirmed" "$reference_out" "$(produce_filtered_list --comment-confirmed key0)" key0_md5=$(cut -d\ -f2 "$SHUNIT_TMPDIR/key0.pub" | base64 -d | md5sum - | cut -d\ -f1) - assertSame "$reference_out" "$(produce_filtered_list --fingerprint "$key0_md5")" - assertSame "$reference_out" "$(produce_filtered_list --fingerprint-confirmed "$key0_md5")" + assertSame "by md5 fingerprint" "$reference_out" "$(produce_filtered_list --fingerprint "$key0_md5")" + assertSame "by md5 fingerprint, confirmed" "$reference_out" "$(produce_filtered_list --fingerprint-confirmed "$key0_md5")" key0_base64=$(cut -d\ -f2 "$SHUNIT_TMPDIR/key0.pub") - assertSame "$reference_out" "$(produce_filtered_list --key "$key0_base64")" - assertSame "$reference_out" "$(produce_filtered_list --key-confirmed "$key0_base64")" + assertSame "by base64 encoded key" "$reference_out" "$(produce_filtered_list --key "$key0_base64")" + assertSame "by base64 encoded key, confirmed" "$reference_out" "$(produce_filtered_list --key-confirmed "$key0_base64")" } sign_key_with_key_filtered () ( @@ -1 +1 @@ -#define SSH_AGENT_FILTER_VERSION "ssh-agent-filter 0.5.1" +#define SSH_AGENT_FILTER_VERSION "ssh-agent-filter 0.5.2" |