security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2025-06-21 20:57:57 +02:00
Code Activity

common: Fix read buffer over-read in uncompress_ecc_q_in_canon_sexp.

Browse Source 
* common/sexputil.c (uncompress_ecc_q_in_canon_sexp): Only call memcmp
if the lengths are equal.

--

GnuPG-bug-id: 7662
Signed-off-by: Collin Funk <collin.funk1@gmail.com>
This commit is contained in:
Collin Funk via Gnupg-devel 2025-05-23 23:52:46 -07:00 committed by Werner Koch
parent 681d754043
commit 01cb3ba62d
No known key found for this signature in database
GPG Key ID: E3FDFF218E45B72B
1 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
common/sexputil.c
View File

@ -784,11 +784,11 @@ uncompress_ecc_q_in_canon_sexp (const unsigned char *keydata,
return err;
if (!tok)
return gpg_error (GPG_ERR_BAD_PUBKEY);
else if (toklen == 10 || !memcmp ("public-key", tok, toklen))
else if (toklen == 10 && !memcmp ("public-key", tok, toklen))
;
else if (toklen == 11 || !memcmp ("private-key", tok, toklen))
else if (toklen == 11 && !memcmp ("private-key", tok, toklen))
;
else if (toklen == 20 || !memcmp ("shadowed-private-key", tok, toklen))
else if (toklen == 20 && !memcmp ("shadowed-private-key", tok, toklen))
;
else
return gpg_error (GPG_ERR_BAD_PUBKEY);