openpgp-tool: fix buffer overflow on serials with MSb set
Fixes the following crash:
  $ openpgp-tool --card-info
  Using reader with a card: Linux Foundation Multifunction Composite Gadget - vincent [python-usb-f-ccid] 00 00
  AID:             d2:76:00:01:24:01:03:41:ff:65:a4:9b:68:64:00:00
  Version:         3.41
  Manufacturer:    unmanaged S/N range
  *** buffer overflow detected ***: terminated
  Abandon (core dumped)
"a4:9b:68:64" from the AID being the serial, and:
  (gdb) print (data[0] << 24 | data[1] << 16 | data[2] << 8 | data[3])
  $12 = -1533319068
but
  (gdb) print (unsigned long) (data[0] << 24 | data[1] << 16 | data[2] << 8 | data[3])
  $13 = 18446744072176232548

Avoid the shifts and cast altogether.
vpelletier authored and Jakuje committed Sep 19, 2021
1 parent e4fdbeb commit dd4afa0
Showing 1 changed file with 1 addition and 3 deletions.
4 changes: 1 addition & 3 deletions src/tools/openpgp-tool.c
Expand Up @@ -325,9 +325,7 @@ static char *prettify_serialnumber(u8 *data, size_t length)
{
if (data != NULL && length >= 4) {
static char result[15]; /* large enough for even 2*3 digits + separator */
unsigned long serial = (unsigned long) (data[0] << 24 | data[1] << 16 | data[2] << 8 | data[3]);

sprintf(result, "%08lX", serial);
sprintf(result, "%02X%02X%02X%02X", data[0], data[1], data[2], data[3]);
return result;
}
return NULL;
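
Review bot: the replacement `sprintf(result, "%02X%02X%02X%02X", ...)` still writes into the 15-byte static `result` with no length bound. It fits today only because each `u8` argument prints as exactly two hex digits, 8 characters plus the terminator, so prefer `snprintf(result, sizeof(result), ...)` so that the bound is stated in the code and survives later format changes. For the record, the removed line overflowed because `data[0] << 24` is evaluated as a signed `int`, the cast to `unsigned long` sign-extends it where `long` is 64 bits (the `$13` value in the commit message), and `%08lX` sets a minimum width rather than a maximum, so it emitted 16 digits plus the terminator into 15 bytes. The comment on `result` ("2*3 digits + separator") does not describe the format used here and is worth updating in the same change.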