security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2025-04-17 15:44:34 +02:00
Code Activity

Fix for Debian bug 402592

Browse Source
This commit is contained in:
Werner Koch 2007-02-04 17:23:00 +00:00
parent 7759f3017e
commit 1c2a81fcee
2 changed files with 18 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
g10/ChangeLog
View File

@ -1,3 +1,8 @@
2007-02-04 Werner Koch <wk@g10code.com>
* parse-packet.c (parse_signature): Limit bytes read for an
unknown alogorithm. Fixes Debian bug#402592.
2007-01-31 Werner Koch <wk@g10code.com> 2007-01-31 Werner Koch <wk@g10code.com>
* verify.c (verify_signatures): Do no dereference a NULL afx. * verify.c (verify_signatures): Do no dereference a NULL afx.

16
g10/parse-packet.c
View File

@ -1494,9 +1494,19 @@ parse_signature( IOBUF inp, int pkttype, unsigned long pktlen,
unknown_pubkey_warning( sig->pubkey_algo ); unknown_pubkey_warning( sig->pubkey_algo );
/* We store the plain material in data[0], so that we are able /* We store the plain material in data[0], so that we are able
* to write it back with build_packet() */ * to write it back with build_packet() */
sig->data[0]= gcry_mpi_set_opaque (NULL, read_rest(inp, pktlen, 0), if (pktlen > (5 * MAX_EXTERN_MPI_BITS/8))
pktlen*8 ); {
pktlen = 0; /* However we include a limit to avoid too trivial DoS
attacks by having gpg allocate too much memory. */
log_error ("signature packet: too much data\n");
rc = G10ERR_INVALID_PACKET;
}
else
{
sig->data[0]= gcry_mpi_set_opaque (NULL, read_rest(inp, pktlen, 0),
pktlen*8 );
pktlen = 0;
}
} }
else { else {
for( i=0; i < ndata; i++ ) { for( i=0; i < ndata; i++ ) {