1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-12-22 10:19:57 +01:00

kbx: Fix possible segv in kbxdump.

* kbx/keybox-dump.c (_keybox_dump_blob): Check length before get32.

Signed-off-by: Werner Koch <wk@gnupg.org>
This commit is contained in:
Werner Koch 2013-11-15 08:36:39 +01:00
parent b27161cd0c
commit 9ae48b173c

View File

@ -402,7 +402,7 @@ _keybox_dump_blob (KEYBOXBLOB blob, FILE *fp)
n = get32 (p ); p += 4; n = get32 (p ); p += 4;
fprintf (fp, "Reserved-Space: %lu\n", n ); fprintf (fp, "Reserved-Space: %lu\n", n );
if (unhashed >= 24) if (n >= 4 && unhashed >= 24)
{ {
n = get32 ( buffer + length - unhashed); n = get32 ( buffer + length - unhashed);
fprintf (fp, "Storage-Flags: %08lx\n", n ); fprintf (fp, "Storage-Flags: %08lx\n", n );