pubkey-speed: Add sanity check for the number of rounds
authorTobias Brunner <tobias@strongswan.org>
Mon, 2 Mar 2020 16:37:54 +0000 (17:37 +0100)
committerTobias Brunner <tobias@strongswan.org>
Tue, 3 Mar 2020 10:34:22 +0000 (11:34 +0100)
The allocated buffer for the signatures is based on this, which LGTM
doesn't like.

scripts/pubkey_speed.c

index 83ab4e4..21e4d2c 100644 (file)
@@ -56,6 +56,10 @@ int main(int argc, char *argv[])
        }
 
        rounds = atoi(argv[3]);
+       if (rounds < 0 || rounds > (2^26))
+       {       /* arbitrary limit to the number of chunk_t/sigs that fit into 1 GiB */
+               usage();
+       }
 
        if (streq(argv[2], "rsa"))
        {