From 1c2140346d6ef9c35e303099d2d15be57869b4d5 Mon Sep 17 00:00:00 2001
From: Werner Koch
Date: Wed, 26 Nov 2014 10:21:01 +0100
Subject: [PATCH] gpg: Change a bug() call to a regular error message.

* g10/decrypt-data.c (decrypt_data): Return an error code instead of calling BUG().
--
This code path can be triggered by fuzzing gpg and thus with some likeness also by corrupt messages for other reasons.
---
 g10/decrypt-data.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/g10/decrypt-data.c b/g10/decrypt-data.c
index 9c6ae73bf..03d38c9c9 100644
--- a/g10/decrypt-data.c
+++ b/g10/decrypt-data.c
@@ -130,7 +130,12 @@ decrypt_data (ctrl_t ctrl, void *procctx, PKT_encrypted *ed, DEK *dek)
 log_fatal ("unsupported blocksize %u\n", blocksize );
 nprefix = blocksize;
 if ( ed->len && ed->len < (nprefix+2) )
- BUG();
+ {
+ /* An invalid message. We can't check that during parsing
+ because we may not know the used cipher then. */
+ rc = gpg_error (GPG_ERR_INV_PACKET);
+ goto leave;
+ }
 
 if ( ed->mdc_method )
 {
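Review bot: The new branch under `if ( ed->len && ed->len < (nprefix+2) )` sets `rc` and jumps to `leave` without emitting any diagnostic, although the subject line promises a regular error message. Unless the caller prints the error string for `rc`, a truncated or corrupt packet is then hard to tell apart from other `GPG_ERR_INV_PACKET` causes in logs. I would add something like `log_error ("encrypted packet too short (%lu bytes)\n", (unsigned long)ed->len);` just before `rc = gpg_error (GPG_ERR_INV_PACKET);`. The check is skipped when `ed->len` is zero, so a short prefix in that case presumably has to be caught where the prefix is actually read. That code, the rest of `decrypt_data` and the `leave` label are outside this hunk, so the cleanup of anything allocated before this point could not be checked here.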