security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2025-07-02 22:46:30 +02:00
Code Activity

Use inline functions to convert buffer data to scalars.

Browse source 
* include/host2net.h (buf16_to_ulong, buf16_to_uint): New.
(buf16_to_ushort, buf16_to_u16): New.
(buf32_to_size_t, buf32_to_ulong, buf32_to_uint, buf32_to_u32): New.
--

This fixes sign extension on shift problems.  Hanno Böck found a case
with an invalid read due to this problem.  To fix that almost all uses
of "<< 24" and "<< 8" are changed by this patch to use an inline
function from host2net.h.

(back ported from commit 2183683bd6)

Signed-off-by: Werner Koch <wk@gnupg.org>

[dkg: rebased to STABLE-BRANCH-1-4]
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
This commit is contained in:
Werner Koch 2015-02-21 23:10:32 -05:00
parent 7106165fd3
commit 57af33d9e7
No known key found for this signature in database
GPG key ID: E3FDFF218E45B72B
12 changed files with 148 additions and 106 deletions
Download patch file Download diff file Expand all files Collapse all files

14
g10/keygen.c
View file

@ -40,6 +40,7 @@
#include "i18n.h"
#include "cardglue.h"
#include "keyserver-internal.h"
#include "host2net.h"
#define MAX_PREFS 30
@ -832,10 +833,7 @@ make_backsig (PKT_signature *sig, PKT_public_key *pk,
}
else if(buf[1]==255)
{
pktlen =buf[2] << 24;
pktlen|=buf[3] << 16;
pktlen|=buf[4] << 8;
pktlen|=buf[5];
pktlen = buf32_to_size_t (buf+2);
buf+=6;
}
else
@ -852,14 +850,14 @@ make_backsig (PKT_signature *sig, PKT_public_key *pk,
break;
case 2:
pktlen =buf[mark++] << 24;
pktlen|=buf[mark++] << 16;
pktlen = (size_t)buf[mark++] << 24;
pktlen |= buf[mark++] << 16;
case 1:
pktlen|=buf[mark++] << 8;
pktlen |= buf[mark++] << 8;
case 0:
pktlen|=buf[mark++];
pktlen |= buf[mark++];
}
buf+=mark;