security-and-privacy/gnupg
security-and-privacy
/
gnupg
mirror of git://git.gnupg.org/gnupg.git
1
0
Fork 0
Code Releases Activity

common: Protect against a theoretical integer overflow in tlv.c 

* common/tlv.c (parse_ber_header): Protect agains integer overflow.
--

Although there is no concrete case where we use the (nhdr + length),
it is better to protect against this already here.
This commit is contained in:
Werner Koch 2022-10-07 14:12:33 +02:00
parent 64002ffdfc
commit 94d13f53a3
No known key found for this signature in database
GPG Key ID: E3FDFF218E45B72B
1 changed files with 5 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
common/tlv.c
View File

@ -222,6 +222,11 @@ parse_ber_header (unsigned char const **buffer, size_t *size,
*r_length = len;
}
if (*r_length > *r_nhdr && (*r_nhdr + *r_length) < *r_length)
{
return gpg_err_make (default_errsource, GPG_ERR_EOVERFLOW);
}
/* Without this kludge some example certs can't be parsed. */
if (*r_class == CLASS_UNIVERSAL && !*r_tag)
*r_length = 0;