additional SPA validation check to ensure no non-ascii printable chars in decoded...

author Michael Rash <mbr@cipherdyne.org>

Wed, 14 Nov 2012 02:16:27 +0000 (21:16 -0500)

committer Michael Rash <mbr@cipherdyne.org>

Wed, 14 Nov 2012 02:16:27 +0000 (21:16 -0500)
author Michael Rash <mbr@cipherdyne.org>
Wed, 14 Nov 2012 02:16:27 +0000 (21:16 -0500)
committer Michael Rash <mbr@cipherdyne.org>
Wed, 14 Nov 2012 02:16:27 +0000 (21:16 -0500)
diff --git a/lib/fko_decode.c b/lib/fko_decode.c

index 2706763..f60fa1b 100644 (file)
--- a/lib/fko_decode.c
+++ b/lib/fko_decode.c
@@ -52,6 +52,12 @@ fko_decode_spa_data(fko_ctx_t ctx)
             MAX_SPA_ENCODED_MSG_SIZE) == MAX_SPA_ENCODED_MSG_SIZE)
         return(FKO_ERROR_INVALID_DATA);
 
+    /* Make sure there are no non-ascii printable chars
+    */
+    for (i=0; i < strnlen(ctx->encoded_msg, MAX_SPA_ENCODED_MSG_SIZE); i++)
+        if(isprint(ctx->encoded_msg[i]) == 0)
+            return(FKO_ERROR_INVALID_DATA);
+
     /* Make sure there are enough fields in the SPA packet
      * delimited with ':' chars
     */
author	Michael Rash <mbr@cipherdyne.org>
	Wed, 14 Nov 2012 02:16:27 +0000 (21:16 -0500)
committer	Michael Rash <mbr@cipherdyne.org>
	Wed, 14 Nov 2012 02:16:27 +0000 (21:16 -0500)