* parse-packet.c (read_protected_v3_mpi): Make sure to stop

reading even for corrupted packets. * keygen.c (generate_user_id): Need to allocate one byte more. Reported by Felix von Leitner.
2024-12-22 10:19:57 +01:00 · 2007-01-15 19:31:24 +00:00 · 2007-01-15 19:31:24 +00:00 · 006c5af165
commit 006c5af165
parent 05277262bc
3 changed files with 10 additions and 3 deletions
--- a/g10/ChangeLog
+++ b/g10/ChangeLog
@ -1,3 +1,10 @@
+2007-01-15  Werner Koch  <wk@g10code.com>
+
+	* parse-packet.c (read_protected_v3_mpi): Make sure to stop
+	reading even for corrupted packets.
+	* keygen.c (generate_user_id): Need to allocate one byte more.
+	Reported by Felix von Leitner.
+
 2006-12-21  Werner Koch  <wk@g10code.com>

 	* gpg.c (main): New command --server.
--- a/g10/keygen.c
+++ b/g10/keygen.c
@ -2130,7 +2130,7 @@ generate_user_id()
    if( !p )
 	return NULL;
    n = strlen(p);
-    uid = xmalloc_clear( sizeof *uid + n - 1 );
+    uid = xmalloc_clear( sizeof *uid + n );
    uid->len = n;
    strcpy(uid->name, p);
    uid->ref = 1;
--- a/g10/parse-packet.c
+++ b/g10/parse-packet.c
@ -1589,11 +1589,11 @@ read_protected_v3_mpi (IOBUF inp, unsigned long *length)
  buf = p = xmalloc (2 + nbytes);
  *p++ = nbits >> 8;
  *p++ = nbits;
-  for (; nbytes && length; nbytes--, --*length)
+  for (; nbytes && *length; nbytes--, --*length)
    *p++ = iobuf_get (inp);
  if (nbytes)
    {
-      log_error ("packet shorter tham mpi\n");
+      log_error ("packet shorter than mpi\n");
      xfree (buf);
      return NULL;
    }