mirror of
git://git.gnupg.org/gnupg.git
synced 2024-12-31 11:41:32 +01:00
gpg: Fix possible out-of-bounds read in is_armored.
* g10/armor.c (check_input): Call is_armored only if LEN >= 2. (unarmor_pump): Use a 2 byte buffer for is_armored. -- Fixes-commit: 605276ef8cd449bfd574ae6c498fa5d7d265c5c7 Signed-off-by: Werner Koch <wk@gnupg.org>
This commit is contained in:
parent
8270580a5a
commit
5d1a9c4dc8
16
g10/armor.c
16
g10/armor.c
@ -190,13 +190,18 @@ initialize(void)
|
||||
is_initialized=1;
|
||||
}
|
||||
|
||||
/****************
|
||||
* Check whether this is an armored file or not See also
|
||||
|
||||
/*
|
||||
* Check whether this is an armored file. See also
|
||||
* parse-packet.c for details on this code.
|
||||
*
|
||||
* Note that the buffer BUF needs to be at least 2 bytes long. If in
|
||||
* doubt that the second byte to 0.
|
||||
*
|
||||
* Returns: True if it seems to be armored
|
||||
*/
|
||||
static int
|
||||
is_armored( const byte *buf )
|
||||
is_armored (const byte *buf)
|
||||
{
|
||||
int ctb, pkttype;
|
||||
int indeterminate_length_allowed;
|
||||
@ -532,7 +537,7 @@ check_input( armor_filter_context_t *afx, IOBUF a )
|
||||
/* (the line is always a C string but maybe longer) */
|
||||
if( *line == '\n' || ( len && (*line == '\r' && line[1]=='\n') ) )
|
||||
;
|
||||
else if( !is_armored( line ) ) {
|
||||
else if (len >= 2 && !is_armored (line)) {
|
||||
afx->inp_checked = 1;
|
||||
afx->inp_bypass = 1;
|
||||
return 0;
|
||||
@ -1411,8 +1416,9 @@ unarmor_pump (UnarmorPump x, int c)
|
||||
switch (x->state) {
|
||||
case STA_init:
|
||||
{
|
||||
byte tmp[1];
|
||||
byte tmp[2];
|
||||
tmp[0] = c;
|
||||
tmp[1] = 0;
|
||||
if ( is_armored (tmp) )
|
||||
x->state = c == '-'? STA_first_dash : STA_wait_newline;
|
||||
else {
|
||||
|
Loading…
x
Reference in New Issue
Block a user