security-and-privacy/gnupg
security-and-privacy
/
gnupg
mirror of git://git.gnupg.org/gnupg.git
1
0
Fork 0
Code Releases Activity

gpg: Avoid using an uninitialized SALT on premature EOF. 

* g10/parse-packet.c (parse_key): Check for premature end of salt.
--

This has no security implications because an arbitrary salt could have
also been inset by an attacker.

Signed-off-by: Werner Koch <wk@gnupg.org>
This commit is contained in:
Werner Koch 2016-01-06 08:48:44 +01:00
parent 09accc0e3d
commit 85cc7449fb
No known key found for this signature in database
GPG Key ID: E3FDFF218E45B72B
1 changed files with 5 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
g10/parse-packet.c
View File

@ -2313,6 +2313,11 @@ parse_key (IOBUF inp, int pkttype, unsigned long pktlen,
case 3:
for (i = 0; i < 8 && pktlen; i++, pktlen--)
temp[i] = iobuf_get_noeof (inp);
if (i < 8)
{
err = gpg_error (GPG_ERR_INV_PACKET);
goto leave;
}
memcpy (ski->s2k.salt, temp, 8);
break;
}