security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2025-07-02 22:46:30 +02:00
Code Activity

Use inline functions to convert buffer data to scalars.

Browse source 
* common/host2net.h (buf16_to_ulong, buf16_to_uint): New.
(buf16_to_ushort, buf16_to_u16): New.
(buf32_to_size_t, buf32_to_ulong, buf32_to_uint, buf32_to_u32): New.
--

Commit 91b826a388 was not enough to
avoid all sign extension on shift problems.  Hanno Böck found a case
with an invalid read due to this problem.  To fix that once and for
all almost all uses of "<< 24" and "<< 8" are changed by this patch to
use an inline function from host2net.h.

Signed-off-by: Werner Koch <wk@gnupg.org>
This commit is contained in:
Werner Koch 2015-02-11 10:27:57 +01:00
parent f0f71a721c
commit 2183683bd6
31 changed files with 220 additions and 210 deletions
Download patch file Download diff file Expand all files Collapse all files

9
kbx/keybox-update.c
View file

@ -28,6 +28,7 @@
#include "keybox-defs.h"
#include "../common/sysutils.h"
#include "../common/host2net.h"
#define EXTSEP_S "."
@ -734,8 +735,7 @@ keybox_compress (KEYBOX_HANDLE hd)
buffer = _keybox_get_blob_image (blob, &length);
if (length > 4 && buffer[4] == KEYBOX_BLOBTYPE_HEADER)
{
u32 last_maint = ((buffer[20] << 24) | (buffer[20+1] << 16)
| (buffer[20+2] << 8) | (buffer[20+3]));
u32 last_maint = buf32_to_u32 (buffer+20);
if ( (last_maint + 3*3600) > time (NULL) )
{
@ -811,7 +811,7 @@ keybox_compress (KEYBOX_HANDLE hd)
rc = gpg_error (GPG_ERR_BUG);
break;
}
blobflags = ((buffer[pos] << 8) | (buffer[pos+1]));
blobflags = buf16_to_uint (buffer+pos);
if ((blobflags & KEYBOX_FLAG_BLOB_EPHEMERAL))
{
/* This is an ephemeral blob. */
@ -820,8 +820,7 @@ keybox_compress (KEYBOX_HANDLE hd)
|| size != 4)
created_at = 0; /* oops. */
else
created_at = ((buffer[pos] << 24) | (buffer[pos+1] << 16)
| (buffer[pos+2] << 8) | (buffer[pos+3]));
created_at = buf32_to_u32 (buffer+pos);
if (created_at && created_at < cut_time)
{