1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-12-22 10:19:57 +01:00

gpg: Fix packet length checking in symkeyenc parser.

* g10/parse-packet.c (parse_symkeyenc): Move error printing to the
end.  Add additional check to cope for the 0je extra bytes needed for
AEAD.
--

Fixes-commit: 9aab9167bca38323973e853845ca95ae8e9b6871
GnuPG-bug-id: 3780
This commit is contained in:
Werner Koch 2018-02-06 17:34:08 +01:00
parent 26c900a8f0
commit 8305739fe8
No known key found for this signature in database
GPG Key ID: E3FDFF218E45B72B

View File

@ -1108,13 +1108,7 @@ parse_symkeyenc (IOBUF inp, int pkttype, unsigned long pktlen,
int i, version, s2kmode, cipher_algo, aead_algo, hash_algo, seskeylen, minlen; int i, version, s2kmode, cipher_algo, aead_algo, hash_algo, seskeylen, minlen;
if (pktlen < 4) if (pktlen < 4)
{ goto too_short;
log_error ("packet(%d) too short\n", pkttype);
if (list_mode)
es_fprintf (listfp, ":symkey enc packet: [too short]\n");
rc = gpg_error (GPG_ERR_INV_PACKET);
goto leave;
}
version = iobuf_get_noeof (inp); version = iobuf_get_noeof (inp);
pktlen--; pktlen--;
if (version == 4) if (version == 4)
@ -1146,6 +1140,8 @@ parse_symkeyenc (IOBUF inp, int pkttype, unsigned long pktlen,
} }
else else
aead_algo = 0; aead_algo = 0;
if (pktlen < 2)
goto too_short;
s2kmode = iobuf_get_noeof (inp); s2kmode = iobuf_get_noeof (inp);
pktlen--; pktlen--;
hash_algo = iobuf_get_noeof (inp); hash_algo = iobuf_get_noeof (inp);
@ -1241,6 +1237,13 @@ parse_symkeyenc (IOBUF inp, int pkttype, unsigned long pktlen,
leave: leave:
iobuf_skip_rest (inp, pktlen, 0); iobuf_skip_rest (inp, pktlen, 0);
return rc; return rc;
too_short:
log_error ("packet(%d) too short\n", pkttype);
if (list_mode)
es_fprintf (listfp, ":symkey enc packet: [too short]\n");
rc = gpg_error (GPG_ERR_INV_PACKET);
goto leave;
} }