Commit f606b3cf authored by Nick Mathewson's avatar Nick Mathewson 🤹

Lower the maximum size of a private key file to 16 MB

This shouldn't be a user-visible change: nobody has a 16 MB RSA
key that they're trying to use with Tor.

I'm doing this to fix CID 1439330 / ticket 27730, where coverity
complains (on 64-bit) that we are making a comparison that is never
true.
parent 307275a5
+4 −1
@@ -540,6 +540,9 @@ crypto_pk_read_private_key_from_string(crypto_pk_t *env,
  return crypto_pk_read_from_string_generic(env, src, len, true);
}

/** If a file is longer than this, we won't try to decode its private key */
#define MAX_PRIVKEY_FILE_LEN (16*1024*1024)

/** Read a PEM-encoded private key from the file named by
 * <b>keyfile</b> into <b>env</b>.  Return 0 on success, -1 on failure.
 */
@@ -551,7 +554,7 @@ crypto_pk_read_private_key_from_filename(crypto_pk_t *env,
  char *buf = read_file_to_str(keyfile, 0, &st);
  if (!buf)
    return -1;
  if (st.st_size > SSIZE_MAX)
  if (st.st_size > MAX_PRIVKEY_FILE_LEN)
    return -1;

  int rv = crypto_pk_read_private_key_from_string(env, buf,
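Review bot: The oversize branch in crypto_pk_read_private_key_from_filename() returns -1 while `buf` still holds what read_file_to_str() loaded, so as far as the hunk shows the buffer is neither cleared nor freed on that path. The old `SSIZE_MAX` comparison could never be true on 64-bit, so this commit is what makes the branch reachable there. Because the buffer may hold private-key material, I would wipe and free it before returning: `if (st.st_size > MAX_PRIVKEY_FILE_LEN) { memwipe(buf, 0, (size_t)st.st_size); tor_free(buf); return -1; }`. The check also runs after the file has been read, so the new limit bounds what gets decoded rather than what gets loaded into memory; the comment on `MAX_PRIVKEY_FILE_LEN` could say so. The function body continues past the end of the hunk, so the success-path cleanup is not visible here.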