Use inline functions to convert buffer data to scalars.

* common/host2net.h (buf16_to_ulong, buf16_to_uint): New. (buf16_to_ushort, buf16_to_u16): New. (buf32_to_size_t, buf32_to_ulong, buf32_to_uint, buf32_to_u32): New. -- Commit 91b826a388 was not enough to avoid all sign extension on shift problems. Hanno Böck found a case with an invalid read due to this problem. To fix that once and for all almost all uses of "<< 24" and "<< 8" are changed by this patch to use an inline function from host2net.h. Signed-off-by: Werner Koch <wk@gnupg.org>
2025-07-02 22:46:30 +02:00 · 2015-02-11 10:27:57 +01:00 · 2015-02-11 10:27:57 +01:00 · 2183683bd6
commit 2183683bd6
parent f0f71a721c
31 changed files with 220 additions and 210 deletions
--- a/agent/cvt-openpgp.c
+++ b/agent/cvt-openpgp.c
@ -27,6 +27,7 @@
 #include "agent.h"
 #include "i18n.h"
 #include "cvt-openpgp.h"
+#include "host2net.h"


 /* Helper to pass data via the callback to do_unprotect. */
@ -487,7 +488,7 @@ do_unprotect (const char *passphrase,
      ndata = (ndatabits+7)/8;

      if (ndata > 1)
-        csum_pgp7 = p[ndata-2] << 8 | p[ndata-1];
+        csum_pgp7 = buf16_to_u16 (p+ndata-2);
      data = xtrymalloc_secure (ndata);
      if (!data)
        {
@ -531,7 +532,7 @@ do_unprotect (const char *passphrase,
            }
          else
            {
-              desired_csum = (data[ndata-2] << 8 | data[ndata-1]);
+              desired_csum = buf16_to_u16 (data+ndata-2);
              actual_csum = checksum (data, ndata-2);
              if (desired_csum != actual_csum)
                {
@ -586,7 +587,7 @@ do_unprotect (const char *passphrase,
          p = gcry_mpi_get_opaque (skey[i], &ndatabits);
          ndata = (ndatabits+7)/8;

-          if (!(ndata >= 2) || !(ndata == ((p[0] << 8 | p[1]) + 7)/8 + 2))
+          if (!(ndata >= 2) || !(ndata == (buf16_to_ushort (p) + 7)/8 + 2))
            {
              gcry_cipher_close (cipher_hd);
              return gpg_error (GPG_ERR_BAD_SECKEY);