mirror of
git://git.gnupg.org/gnupg.git
synced 2024-12-22 10:19:57 +01:00
gpg: Avoid using an uninitialized SALT on premature EOF.
* g10/parse-packet.c (parse_key): Check for premature end of salt. -- This has no security implications because an arbitrary salt could have also been inset by an attacker. Signed-off-by: Werner Koch <wk@gnupg.org>
This commit is contained in:
parent
09accc0e3d
commit
85cc7449fb
@ -2313,6 +2313,11 @@ parse_key (IOBUF inp, int pkttype, unsigned long pktlen,
|
||||
case 3:
|
||||
for (i = 0; i < 8 && pktlen; i++, pktlen--)
|
||||
temp[i] = iobuf_get_noeof (inp);
|
||||
if (i < 8)
|
||||
{
|
||||
err = gpg_error (GPG_ERR_INV_PACKET);
|
||||
goto leave;
|
||||
}
|
||||
memcpy (ski->s2k.salt, temp, 8);
|
||||
break;
|
||||
}
|
||||
|
Loading…
x
Reference in New Issue
Block a user