security-and-privacy/gnupg
security-and-privacy
/
gnupg
mirror of git://git.gnupg.org/gnupg.git
1
0
Fork 0
Code Releases Activity

gpg: Fix packet length checking in symkeyenc parser. 

* g10/parse-packet.c (parse_symkeyenc): Move error printing to the
end.  Add additional check to cope for the 0je extra bytes needed for
AEAD.
--

Fixes-commit: 9aab9167bc
GnuPG-bug-id: 3780
This commit is contained in:
Werner Koch 2018-02-06 17:34:08 +01:00
parent 26c900a8f0
commit 8305739fe8
No known key found for this signature in database
GPG Key ID: E3FDFF218E45B72B
1 changed files with 10 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
g10/parse-packet.c
View File

@ -1108,13 +1108,7 @@ parse_symkeyenc (IOBUF inp, int pkttype, unsigned long pktlen,
int i, version, s2kmode, cipher_algo, aead_algo, hash_algo, seskeylen, minlen;
if (pktlen < 4)
{
log_error ("packet(%d) too short\n", pkttype);
if (list_mode)
es_fprintf (listfp, ":symkey enc packet: [too short]\n");
rc = gpg_error (GPG_ERR_INV_PACKET);
goto leave;
}
goto too_short;
version = iobuf_get_noeof (inp);
pktlen--;
if (version == 4)
@ -1146,6 +1140,8 @@ parse_symkeyenc (IOBUF inp, int pkttype, unsigned long pktlen,
}
else
aead_algo = 0;
if (pktlen < 2)
goto too_short;
s2kmode = iobuf_get_noeof (inp);
pktlen--;
hash_algo = iobuf_get_noeof (inp);
@ -1241,6 +1237,13 @@ parse_symkeyenc (IOBUF inp, int pkttype, unsigned long pktlen,
leave:
iobuf_skip_rest (inp, pktlen, 0);
return rc;
too_short:
log_error ("packet(%d) too short\n", pkttype);
if (list_mode)
es_fprintf (listfp, ":symkey enc packet: [too short]\n");
rc = gpg_error (GPG_ERR_INV_PACKET);
goto leave;
}