7bff25f replace 65 magic number by SHA256_DIGEST_LENGTH * 2 + 1 shiwh is more explicit while here add more sizeof() — HardenedBSD-pkg

rad:z3QDZAW2FAfuLvihrhiyDC9fAD8G9

HardenedBSD Package Manager

replace 65 magic number by SHA256_DIGEST_LENGTH * 2 + 1 shiwh is more explicit while here add more sizeof()

Baptiste Daroussin committed 14 years ago

commit 7bff25fcff3bb6816fd0980d867f381ea50c2dc2
parent ac4b9a7

8 files changed +22 -21

modified libpkg/pkg_create.c

@@ -26,7 +26,7 @@ pkg_create_from_dir(struct pkg *pkg, const char *root, struct packing *pkg_archi

 	char *m;
 	const char *mtree;
 	struct stat st;
 	char sha256[65];
 	char sha256[SHA256_DIGEST_LENGTH * 2 + 1];
 	/*
 	 * if the checksum is not provided in the manifest recompute it

@@ -39,7 +39,7 @@ pkg_create_from_dir(struct pkg *pkg, const char *root, struct packing *pkg_archi

 		if ((pkg_file_sha256(file) == NULL || pkg_file_sha256(file)[0] == '\0') && lstat(fpath, &st) == 0 && !S_ISLNK(st.st_mode)) {
 			sha256_file(fpath, sha256);
 			strlcpy(file->sha256, sha256, 65);
 			strlcpy(file->sha256, sha256, sizeof(file->sha256));
 		}
 	}

modified libpkg/pkg_delete.c

@@ -87,7 +87,7 @@ int

 pkg_delete_files(struct pkg *pkg, int force)
 {
 	struct pkg_file *file = NULL;
 	char sha256[65];
 	char sha256[SHA224_DIGEST_LENGTH * 2 + 1];
 	const char *path;
 	while (pkg_files(pkg, &file) == EPKG_OK) {

modified libpkg/pkg_manifest.c

@@ -99,7 +99,7 @@ parse_mapping(struct pkg *pkg, yaml_node_pair_t *pair, yaml_document_t *document

 	yaml_node_pair_t *subpair;
 	char origin[BUFSIZ];
 	char version[BUFSIZ];
 	char sum[65];
 	char sum[SHA256_DIGEST_LENGTH * 2 + 1];
 	char uname[MAXLOGNAME + 1];
 	char gname[MAXLOGNAME + 1];
 	void *set;

modified libpkg/pkg_ports.c

@@ -18,7 +18,7 @@ ports_parse_plist(struct pkg *pkg, char *plist)

 	int nbel, i;
 	size_t next;
 	size_t len;
 	char sha256[65];
 	char sha256[SHA256_DIGEST_LENGTH * 2 + 1];
 	char path[MAXPATHLEN + 1];
 	char *last_plist_file = NULL;
 	char *cmd = NULL;

modified libpkg/pkg_private.h

@@ -5,9 +5,10 @@

 #include <sys/queue.h>
 #include <sys/sbuf.h>
 #include <sys/types.h>
 #include <stdbool.h>
 #include <archive.h>
 #include <openssl/sha.h>
 #include <stdbool.h>
 #include "pkg_util.h"

@@ -64,7 +65,7 @@ struct pkg_category {

 struct pkg_file {
 	char path[MAXPATHLEN +1];
 	char sha256[65];
 	char sha256[SHA256_DIGEST_LENGTH * 2 +1];
 	char uname[MAXLOGNAME +1];
 	char gname[MAXLOGNAME +1];
 	mode_t perm;

modified libpkg/pkg_repo.c

@@ -23,7 +23,7 @@ int

 pkg_repo_fetch(struct pkg *pkg)
 {
 	char dest[MAXPATHLEN + 1];
 	char cksum[65];
 	char cksum[SHA256_DIGEST_LENGTH * 2 +1];
 	char *path;
 	char *url;
 	int retcode = EPKG_OK;

@@ -118,7 +118,7 @@ load_rsa_public_key(const char *rsa_key_path)

 int
 pkg_repo_verify(const char *path, unsigned char *sig, unsigned int sig_len)
 {
 	char sha256[65];
 	char sha256[SHA256_DIGEST_LENGTH *2 +1];
 	char errbuf[1024];
 	RSA *rsa = NULL;

@@ -132,7 +132,7 @@ pkg_repo_verify(const char *path, unsigned char *sig, unsigned int sig_len)

 	if (rsa == NULL)
 		return(EPKG_FATAL);
 	if (RSA_verify(NID_sha1, sha256, 65, sig, sig_len, rsa) == 0) {
 	if (RSA_verify(NID_sha1, sha256, sizeof(sha256), sig, sig_len, rsa) == 0) {
 		EMIT_PKG_ERROR("%s: %s", pkg_config("PUBKEY"), ERR_error_string(ERR_get_error(), errbuf));
 		return (EPKG_FATAL);
 	}

@@ -168,7 +168,7 @@ pkg_create_repo(char *path, void (progress)(struct pkg *pkg, void *data), void *

 	char *errmsg = NULL;
 	int retcode = EPKG_OK;
 	char *pkg_path;
 	char cksum[65];
 	char cksum[SHA256_DIGEST_LENGTH * 2 +1];
 	char *repopath[2];
 	char repodb[MAXPATHLEN + 1];

@@ -478,7 +478,7 @@ pkg_finish_repo(char *path, pem_password_cb *password_cb, char *rsa_key_path)

 	unsigned char *sigret = NULL;
 	int siglen = 0;
 	RSA *rsa = NULL;
 	char sha256[65];
 	char sha256[SHA256_DIGEST_LENGTH * 2 +1];
 	snprintf(repo_path, sizeof(repo_path), "%s/repo.sqlite", path);
 	snprintf(repo_archive, sizeof(repo_archive), "%s/repo", path);

@@ -502,7 +502,7 @@ pkg_finish_repo(char *path, pem_password_cb *password_cb, char *rsa_key_path)

 		sha256_file(repo_path, sha256);
 		if (RSA_sign(NID_sha1, sha256, 65, sigret, &siglen, rsa) == 0) {
 		if (RSA_sign(NID_sha1, sha256, sizeof(sha256), sigret, &siglen, rsa) == 0) {
 			/* XXX pass back RSA errors correctly */
 			EMIT_PKG_ERROR("%s: %lu", rsa_key_path, ERR_get_error());
 			return EPKG_FATAL;

modified libpkg/pkg_util.c

@@ -10,8 +10,6 @@

 #include <unistd.h>
 #include <string.h>
 #include <openssl/sha.h>
 #include "pkg.h"
 #include "pkg_event.h"
 #include "pkg_util.h"

@@ -219,17 +217,17 @@ is_dir(const char *path)

 }
 static void
 sha256_hash(unsigned char hash[SHA256_DIGEST_LENGTH], char out[65])
 sha256_hash(unsigned char hash[SHA256_DIGEST_LENGTH], char out[SHA256_DIGEST_LENGTH * 2 + 1])
 {
 	int i;
 	for (i = 0; i < SHA256_DIGEST_LENGTH; i++)
 		sprintf(out + (i * 2), "%02x", hash[i]);
 	out[64] = '\0';
 	out[sizeof(out) -1] = '\0';
 }
 void
 sha256_str(const char *string, char out[65])
 sha256_str(const char *string, char out[SHA256_DIGEST_LENGTH * 2 + 1])
 {
 	unsigned char hash[SHA256_DIGEST_LENGTH];
 	SHA256_CTX sha256;

@@ -242,7 +240,7 @@ sha256_str(const char *string, char out[65])

 }
 int
 sha256_file(const char *path, char out[65])
 sha256_file(const char *path, char out[SHA256_DIGEST_LENGTH * 2 + 1])
 {
 	FILE *fp;
 	char buffer[BUFSIZ];

modified libpkg/pkg_util.h

@@ -5,6 +5,8 @@

 #include <sys/sbuf.h>
 #include <sys/param.h>
 #include <openssl/sha.h>
 #define STARTS_WITH(string, needle) (strncasecmp(string, needle, strlen(needle)) == 0)
 #define ERROR_SQLITE(db) \

@@ -23,6 +25,6 @@ int file_fetch(const char *, const char *);

 int is_dir(const char *);
 int is_conf_file(const char *path, char newpath[MAXPATHLEN]);
 int sha256_file(const char *, char[65]);
 void sha256_str(const char *, char[65]);
 int sha256_file(const char *, char[SHA256_DIGEST_LENGTH * 2 +1]);
 void sha256_str(const char *, char[SHA256_DIGEST_LENGTH * 2 +1]);
 #endif