mirror of
git://git.gnupg.org/gnupg.git
synced 2024-06-09 23:39:51 +02:00
gpg: Fix off-by-one read in the attribute subpacket parser.
* g10/parse-packet.c (parse_attribute_subpkts): Check that the
attribute packet is large enough for the subpacket type.
--
Reported-by: Hanno Böck
Signed-off-by: Werner Koch <wk@gnupg.org>
(backported from commit 0988764397
)
This commit is contained in:
parent
92a7949ae6
commit
7a068ac50b
|
@ -2102,6 +2102,14 @@ parse_attribute_subpkts(PKT_user_id *uid)
|
|||
if( buflen < n )
|
||||
goto too_short;
|
||||
|
||||
if (!n)
|
||||
{
|
||||
/* Too short to encode the subpacket type. */
|
||||
if (opt.verbose)
|
||||
log_info ("attribute subpacket too short\n");
|
||||
break;
|
||||
}
|
||||
|
||||
attribs=xrealloc(attribs,(count+1)*sizeof(struct user_attribute));
|
||||
memset(&attribs[count],0,sizeof(struct user_attribute));
|
||||
|
||||
|
|
Loading…
Reference in New Issue
Block a user