From: Pekka Riikonen
Date: Tue, 8 Jan 2008 07:48:42 +0000 (+0000)
Subject: Fixed fingerprint generation. RedHat bug 372021.
X-Git-Tag: silc.toolkit.1.1.6~1
X-Git-Url: http://git.silcnet.org/gitweb/?p=silc.git;a=commitdiff_plain;h=2a6fc9825b5d5034543c482195f24c7db494d527
Fixed fingerprint generation. RedHat bug 372021.
---
diff --git a/CHANGES b/CHANGES
index 9376a926..5d9787ad 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,8 @@
+Tue Jan 8 09:41:57 EET 2008 Pekka Riikonen
+
+ * Fixed printable fingerprint bufferoverlfow, RedHat bug 372021.
+ Affected file is lib/silcutil/silcutil.c.
+
 Sun Dec 30 14:00:46 EET 2007 Pekka Riikonen
 * Fixed unix signal delivery in SILC scheduler. Affected file
diff --git a/lib/silcutil/silcutil.c b/lib/silcutil/silcutil.c
index a63efa9f..b0f8e117 100644
--- a/lib/silcutil/silcutil.c
+++ b/lib/silcutil/silcutil.c
@@ -467,28 +467,41 @@ SilcBool silc_hash_public_key_compare(void *key1, void *key2,
 char *silc_fingerprint(const unsigned char *data, SilcUInt32 data_len)
 {
- char fingerprint[64], *cp;
- int i;
-
- memset(fingerprint, 0, sizeof(fingerprint));
- cp = fingerprint;
+ unsigned char *fingerprint, *cp;
+ unsigned int len, blocks, i;
+
+ if (!data || !data_len)
+ return NULL;
+
+ if (data_len >= 256)
+ data_len = 255;
+
+ /* Align and calculate total length */
+ len = ((data_len + 19) / 20) * 20;
+ blocks = (len / 10);
+ len = (len * 2) + ((blocks - 1) * 2) + (4 * blocks) + 2 + 1;
+
+ cp = fingerprint = silc_calloc(len, sizeof(*fingerprint));
+ if (!cp)
+ return NULL;
+
 for (i = 0; i < data_len; i++) {
- silc_snprintf(cp, sizeof(fingerprint), "%02X", data[i]);
+ silc_snprintf(cp, len, "%02X", data[i]);
 cp += 2;
+ len -= 2;
 if ((i + 1) % 2 == 0)
- silc_snprintf(cp++, sizeof(fingerprint), " ");
-
+ silc_snprintf(cp++, len--, " ");
 if ((i + 1) % 10 == 0)
- silc_snprintf(cp++, sizeof(fingerprint), " ");
+ silc_snprintf(cp++, len--, " ");
 }
 i--;
- if ((i + 1) % 2 == 0)
- cp[-2] = 0;
 if ((i + 1) % 10 == 0)
- cp[-1] = 0;
+ *(--cp) = '\0';
+ if ((i + 1) % 2 == 0)
+ *(--cp) = '\0';
- return strdup(fingerprint);
+ return fingerprint;
 }
 /* Return TRUE if the `data' is ASCII string. */
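Review bot: The clamp `if (data_len >= 256) data_len = 255;` silently truncates the input, so any two buffers that share their first 255 bytes yield the same printable fingerprint and the caller has no way to tell that truncation happened. Because this string is what a user compares when verifying a key or digest, rejecting oversize input is safer than shortening it: `if (data_len >= 256) return NULL;`. If truncation is intended, the limit belongs in the function's header comment, which lies above the hunk. The function also now returns NULL for a NULL or empty input, so callers (not visible here) that print or free the result presumably need a NULL check.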