1 files changed, 10 insertions, 7 deletions

diff --git a/src/usr.bin/signify/signify.c b/src/usr.bin/signify/signify.c
index 7f13eca..06d28da 100644
--- a/src/usr.bin/signify/signify.c
+++ b/src/usr.bin/signify/signify.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: signify.c,v 1.96 2015/01/07 19:53:34 tedu Exp $ */
+/* $OpenBSD: signify.c,v 1.100 2015/01/16 06:16:12 tedu Exp $ */
 /*
  * Copyright (c) 2013 Ted Unangst <tedu@openbsd.org>
  *
@@ -19,6 +19,7 @@
 #include <netinet/in.h>
 #include <resolv.h>
 
+#include <limits.h>
 #include <stdint.h>
 #include <fcntl.h>
 #include <string.h>
@@ -179,7 +180,7 @@ readmsg(const char *filename, unsigned long long *msglenp)
 			errx(1, "msg too large in %s", filename);
 		space = sb.st_size + 1;
 	} else {
-		space = 64 * 1024;
+		space = 64 * 1024 - 1;
 	}
 
 	msg = xmalloc(space + 1);
@@ -507,7 +508,7 @@ verify(const char *pubkeyfile, const char *msgfile, const char *sigfile,
 #ifndef VERIFYONLY
 #define HASHBUFSIZE 224
 struct checksum {
-	char file[1024];
+	char file[PATH_MAX];
 	char hash[HASHBUFSIZE];
 	char algo[32];
 };
@@ -591,11 +592,13 @@ verifychecksums(char *msg, int argc, char **argv, int quiet)
 	while (line && *line) {
 		if ((endline = strchr(line, '\n')))
 			*endline++ = '\0';
-		rv = sscanf(line, "%31s (%1023s = %223s",
+#if PATH_MAX < 1024 || HASHBUFSIZE < 224
+#error sizes are wrong
+#endif
+		rv = sscanf(line, "%31s (%1023[^)]) = %223s",
 		    c.algo, c.file, c.hash);
-		if (rv != 3 || c.file[0] == 0 || c.file[strlen(c.file)-1] != ')')
+		if (rv != 3)
 			errx(1, "unable to parse checksum line %s", line);
-		c.file[strlen(c.file) - 1] = '\0';
 		line = endline;
 		if (argc) {
 			slot = ohash_qlookup(&myh, c.file);
@@ -647,7 +650,7 @@ main(int argc, char **argv)
 {
 	const char *pubkeyfile = NULL, *seckeyfile = NULL, *msgfile = NULL,
 	    *sigfile = NULL;
-	char sigfilebuf[1024];
+	char sigfilebuf[PATH_MAX];
 	const char *comment = "signify";
 	int ch, rounds;
 	int embedded = 0;