security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2025-06-12 18:11:03 +02:00
Code Activity

scd: Take care of possible buffer overflow in do_auth.

Browse Source 
* scd/app-openpgp.c (do_auth): Check the length in the heuristic.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
This commit is contained in:
NIIBE Yutaka 2025-06-05 10:21:48 +09:00
parent eb7d5d4d85
commit 27e6622322
No known key found for this signature in database
GPG Key ID: 640114AF89DE6054
1 changed files with 3 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
scd/app-openpgp.c
View File

@ -5641,13 +5641,15 @@ do_auth (app_t app, ctrl_t ctrl, const char *keyidstr,
if (app->app_local->keyattr[2].key_type == KEY_TYPE_ECC) if (app->app_local->keyattr[2].key_type == KEY_TYPE_ECC)
{ {
/* This is a heuristic to strip off the OID of digest. Fully
implemented, it would be use of X macro in do_sign above. */
if (indatalen == 51 || indatalen == 67 || indatalen == 83) if (indatalen == 51 || indatalen == 67 || indatalen == 83)
{ {
const char *p = (const char *)indata + 19; const char *p = (const char *)indata + 19;
indata = p; indata = p;
indatalen -= 19; indatalen -= 19;
} }
else else if (indatalen > 15)
{ {
const char *p = (const char *)indata + 15; const char *p = (const char *)indata + 15;
indata = p; indata = p;