1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-12-22 10:19:57 +01:00

gpg: Avoid using an uninitialized SALT on premature EOF.

* g10/parse-packet.c (parse_key): Check for premature end of salt.
--

This has no security implications because an arbitrary salt could have
also been inset by an attacker.

Signed-off-by: Werner Koch <wk@gnupg.org>
This commit is contained in:
Werner Koch 2016-01-06 08:48:44 +01:00
parent 09accc0e3d
commit 85cc7449fb
No known key found for this signature in database
GPG Key ID: E3FDFF218E45B72B

View File

@ -2313,6 +2313,11 @@ parse_key (IOBUF inp, int pkttype, unsigned long pktlen,
case 3:
for (i = 0; i < 8 && pktlen; i++, pktlen--)
temp[i] = iobuf_get_noeof (inp);
if (i < 8)
{
err = gpg_error (GPG_ERR_INV_PACKET);
goto leave;
}
memcpy (ski->s2k.salt, temp, 8);
break;
}