mirror of
git://git.gnupg.org/gnupg.git
synced 2025-05-24 16:43:28 +02:00
common: Fix read buffer over-read in uncompress_ecc_q_in_canon_sexp.
* common/sexputil.c (uncompress_ecc_q_in_canon_sexp): Only call memcmp if the lengths are equal. -- GnuPG-bug-id: 7662 Signed-off-by: Collin Funk <collin.funk1@gmail.com>
This commit is contained in:
parent
681d754043
commit
01cb3ba62d
@ -784,11 +784,11 @@ uncompress_ecc_q_in_canon_sexp (const unsigned char *keydata,
|
||||
return err;
|
||||
if (!tok)
|
||||
return gpg_error (GPG_ERR_BAD_PUBKEY);
|
||||
else if (toklen == 10 || !memcmp ("public-key", tok, toklen))
|
||||
else if (toklen == 10 && !memcmp ("public-key", tok, toklen))
|
||||
;
|
||||
else if (toklen == 11 || !memcmp ("private-key", tok, toklen))
|
||||
else if (toklen == 11 && !memcmp ("private-key", tok, toklen))
|
||||
;
|
||||
else if (toklen == 20 || !memcmp ("shadowed-private-key", tok, toklen))
|
||||
else if (toklen == 20 && !memcmp ("shadowed-private-key", tok, toklen))
|
||||
;
|
||||
else
|
||||
return gpg_error (GPG_ERR_BAD_PUBKEY);
|
||||
|
Loading…
x
Reference in New Issue
Block a user