security-and-privacy/gnupg
security-and-privacy
/
gnupg
mirror of git://git.gnupg.org/gnupg.git
1
0
Fork 0
Code Releases Activity

g10: Fix undefined behavior when EOF in parsing packet for S2K. 

* g10/parse-packet.c (parse_symkeyenc): Use iobuf_get_noeof.
(parse_key): Likewise.

--

When EOF comes at parsing s2k.count, it is possible the value will
be (unsigned long)-1.  Then, the result of S2K_DECODE_COUNT will be
undefined.  This patch fixes undefined behavior.

Reported-by: Philippe Antoine
GnuPG-bug-id: 4093
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
This commit is contained in:
NIIBE Yutaka 2018-08-10 15:29:06 +09:00
parent e88f56f193
commit 1b309d9f61
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
g10/parse-packet.c
View File

@ -1186,7 +1186,7 @@ parse_symkeyenc (IOBUF inp, int pkttype, unsigned long pktlen,
}
if (s2kmode == 3)
{
k->s2k.count = iobuf_get (inp);
k->s2k.count = iobuf_get_noeof (inp);
pktlen--;
}
k->seskeylen = seskeylen;
@ -2528,7 +2528,7 @@ parse_key (IOBUF inp, int pkttype, unsigned long pktlen,
err = gpg_error (GPG_ERR_INV_PACKET);
goto leave;
}
ski->s2k.count = iobuf_get (inp);
ski->s2k.count = iobuf_get_noeof (inp);
pktlen--;
if (list_mode)
es_fprintf (listfp, "\tprotect count: %lu (%lu)\n",